
Log analysis and evaluation: BKA Ucash Trojan?, safe mode works, OTL logs created


11.06.2012, 14:59   #1
Tan Ya
 

Help. User with hardly any knowledge. On top of that, the operating system is in Spanish...
I seem to have caught the BKA Trojan. Following your help guide, I downloaded OTL using a second device, then created the 2 logs and, following your tip, replaced my name with XXX everywhere. I don't dare do more on my own.

(My PC also has various other quirks: error messages about programs that are no longer installed, etc. My visitor is supposed to take care of all that when he comes soon. But it is only annoying and not really a problem, because everything still works (error messages for babylon, incredimail, etc. - please just ignore them).)

Here are the two log files:

OTL Logfile:
Code:
OTL logfile created on: 11.06.2012 14:19:32 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,30 Gb Total Space | 29,21 Gb Free Space | 20,24% Space Free | Partition Type: NTFS
Drive D: | 144,03 Gb Total Space | 125,73 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sesvc) -- C:\Archivos de programa\ShadowExplorer\sesvc.exe (www.shadowexplorer.com)
SRV - (Symantec Core LC) -- C:\Archivos de programa\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Programador de LiveUpdate automático) -- C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe ()
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (ISPwdSvc) -- c:\Archivos de programa\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost) -- c:\Archivos de programa\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (SymAppCore) -- c:\Archivos de programa\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080823.004\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080823.004\NAVENG.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Archivos de programa\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080813.001\IDSvix86.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (SPBBCDrv) -- C:\Archivos de programa\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.fuerteventura-live.de/forum/index.php?page=Portal
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_es
IE - HKCU\..\SearchScopes\{C58ADC0E-B2F8-44CD-B30D-26AAAAD4C535}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=19em3Mi3IF0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = gussander wireless
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=de_ES"
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.2
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {990af1c2-5a27-4460-8149-ecc6bc122af3}:3.8.1.0
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=de_ES&apn_uid=7b878d1a-56fe-44df-a154-4742cb37438b&apn_ptnrs=%5EABZ&apn_sauid=C05B9C42-F1E4-4C0B-B7C1-B8D980BA02ED&apn_dtid=%5EYYYYYY%5EYY%5EES&&q=" 
FF - prefs.js..network.proxy.autoconfig_url: "gussander wireless"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 18:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.15 13:16:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.15 13:16:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 18:54:05 | 000,000,000 | ---D | M]
 
[2009.01.28 20:52:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Kaiser\AppData\Roaming\mozilla\Extensions
[2012.06.10 15:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tanja Kaiser\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions
[2009.08.16 23:16:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.23 13:36:56 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2 Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3}
[2011.02.13 00:06:02 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.28 20:23:16 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\lki1hxt3.default\extensions\ffxtlbr@babylon.com
[2011.12.23 13:34:19 | 000,002,187 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\lki1hxt3.default\searchplugins\MyStart Search.xml
[2011.11.04 20:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2011.11.04 20:00:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.05.22 09:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.25 18:54:05 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2011.11.04 20:00:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.05.14 18:43:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.31 09:47:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.01.08 11:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.22 09:44:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.08 12:29:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.01.28 20:26:56 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.03.08 12:29:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.08 12:29:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.08 12:29:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.08 12:29:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\PROGRAM FILES\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\PROGRAM FILES\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Avira Toolbar = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.0_0\
CHR - Extension: Skype Click to Call = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll ()
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Archivos de programa\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll File not found
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Archivos de programa\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Archivos de programa\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Archivos de programa\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Archivos de programa\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe" /md I File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMService] C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [dwyjifuyohdqees] C:\ProgramData\dwyjifuy.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tanja Kaiser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Interaktive Sprachreise - Español Newsfeed.lnk = C:\Archivos de programa\digital publishing\FEEDS_12_999999\dpFeeds.exe (digital publishing AG)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tanja Kaiser\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Archivos de programa\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A73DA6-1DB2-44E6-B93F-59146DE071B8}: DhcpNameServer = 80.58.61.250 80.58.61.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Archivos de programa\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Archivos de programa\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\AutoRun\command - "" = F:\wyskq6lt.exe
O33 - MountPoints2\{17409aa1-3d7b-11dd-87c3-001c2531cfc5}\Shell\open\Command - "" = F:\wyskq6lt.exe
O33 - MountPoints2\{aca242fc-5db9-11df-a329-001c2531cfc5}\Shell - "" = AutoRun
O33 - MountPoints2\{aca242fc-5db9-11df-a329-001c2531cfc5}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 14:18:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.06.11 14:12:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\www.shadowexplorer.com
[2012.06.11 14:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
[2012.06.11 14:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\ShadowExplorer
[2012.06.11 01:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\odurojddncaxkjo
[2012.05.28 14:00:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2012.05.28 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\AskToolbar
[2012.05.28 13:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.28 13:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.28 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN
[2012.05.28 13:53:46 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.28 13:53:46 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.28 13:53:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.28 13:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.28 13:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[11 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 14:15:41 | 000,662,734 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012.06.11 14:15:41 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.11 14:15:41 | 000,130,586 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012.06.11 14:15:41 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.11 14:12:28 | 000,001,686 | ---- | M] () -- C:\Users\xxx\Desktop\ShadowExplorer.lnk
[2012.06.11 14:11:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 13:46:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 13:42:08 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.11 13:42:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:42:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:34:56 | 000,007,944 | ---- | M] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2012.06.11 01:54:33 | 000,000,052 | ---- | M] () -- C:\ProgramData\utucpjauvqmcwtg
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\ydeaneri.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\rsivjdvt.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\ProgramData\dwyjifuy.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | M] () -- C:\Users\xxx\0.8990687729177202.exe
[2012.06.10 14:19:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.06.10 13:32:01 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.06.08 20:34:11 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Análisis de todo el sistema - xxx.job
[2012.05.29 13:31:15 | 000,059,392 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.13 02:18:49 | 000,166,400 | --S- | M] () -- C:\ProgramData\dvje51x3.dat
[11 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.11 14:12:28 | 000,001,686 | ---- | C] () -- C:\Users\xxx\Desktop\ShadowExplorer.lnk
[2012.06.11 01:54:33 | 000,053,248 | ---- | C] () -- C:\ProgramData\rsivjdvt.exe
[2012.06.11 01:54:33 | 000,053,248 | ---- | C] () -- C:\ProgramData\dwyjifuy.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | C] () -- C:\ProgramData\ydeaneri.exe
[2012.06.11 01:53:32 | 000,053,248 | ---- | C] () -- C:\Users\xxx\0.8990687729177202.exe
[2012.06.11 01:53:32 | 000,000,052 | ---- | C] () -- C:\ProgramData\utucpjauvqmcwtg
[2012.05.13 02:18:47 | 000,166,400 | --S- | C] () -- C:\ProgramData\dvje51x3.dat
[2012.04.01 01:08:44 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2011.10.14 12:02:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2010.10.25 18:49:42 | 000,182,717 | ---- | C] () -- C:\Windows\hpoins36.dat.temp
[2010.10.25 18:49:41 | 000,000,652 | ---- | C] () -- C:\Windows\hpomdl36.dat.temp
[2010.10.25 18:38:35 | 000,182,835 | ---- | C] () -- C:\Windows\hpoins36.dat

< End of report >
         
--- --- ---
And the second part:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.06.2012 14:19:32 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free
5,70 Gb Paging File | 5,45 Gb Available in Paging File | 95,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,30 Gb Total Space | 29,21 Gb Free Space | 20,24% Space Free | Partition Type: NTFS
Drive D: | 144,03 Gb Total Space | 125,73 Gb Free Space | 87,29% Space Free | Partition Type: NTFS
Drive F: | 3,72 Gb Total Space | 3,72 Gb Free Space | 99,96% Space Free | Partition Type: FAT32
 
Computer Name: XXX | User Name: XXX | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BE1283-EDDD-4ACB-B015-C05E912CCD79}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{0988FC72-1033-4649-AFE6-4289CA5748FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14D4D984-3E89-4063-929D-EF22317C5F98}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{24E6391C-50A1-46CE-A152-6CF0BA59B1A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{3B9878A5-4421-4AD3-9279-0C0D35D0BF6A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{470FB55F-1842-4A0F-8A5B-90A717EE7C5E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{53EA13E1-D1D7-42E0-8832-D46EE789BABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{5DBDA725-38F0-4055-B403-40C0A7BC953D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8008DB18-522F-4586-9B3F-4E92812679E6}" = protocol=17 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe | 
"{8458BDE3-CDF3-4973-80A8-4BE6D1C9C1FA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{A10DAAA9-A4CF-4CC8-9FD9-83B408313DB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{A7B95F1F-8FA5-4149-B61B-E27AA8894896}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B4B96964-3EB5-40B4-A61E-D498D3494729}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{BEDD1ABA-1FFD-4C46-9AE2-198C0CE9D7BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BF813773-44AD-43BB-B1E9-EDCDB21E01DD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C3F2B0C8-329F-405B-B802-E883004CE7E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{C8EC2962-E51C-40D0-8406-7E51C18329BD}" = protocol=6 | dir=in | app=c:\acer\empowering technology\emode\pcm\pcmservice.exe | 
"{C8F4EF3C-35CB-4D84-8193-0A787CD7D408}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{E74B3A15-FC03-460D-BB5E-8936F0473769}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{F6B5A8B4-1362-4CA5-82CA-814B5E8CAA2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{F8017F41-2FAC-41A2-8DA5-CF8F2E43395E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FB3AA94D-AF8A-4D14-8212-C21C6786BB9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai
"{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish
"{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility
"{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian
"{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer eMode Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures
"{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch
"{43721D86-16D1-46BF-8353-37CD82333BC3}" = OpenOffice.org 2.4
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44C81D1A-0520-49BB-B510-98B8DD414EA1}" = HP Photosmart C4600 All-In-One Driver Software 13.0 Rel .5
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{697CAA90-EB0D-4383-8AC4-D4A9D767C615}" = SymNet
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish
"{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian
"{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard
"{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian
"{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9BE1CAAF-31C0-6B2A-45EE-7761FDEFC806}" = ccc-core-static
"{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese
"{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French
"{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard
"{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian
"{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B3BA8D55-5397-6712-1B6C-5A8849AF19F5}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1722D10-8C05-B66D-A160-7C2CFF589176}" = Catalyst Control Center Graphics Light
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C237CF8F-85CD-4208-8A29-67EDEBAB9EF6}" = Symantec Real Time Storage Protection Component
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD1C40A4-2836-1911-673E-18572FD2B62A}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{CF6FE5A8-1338-188F-35B3-8372FA31D822}" = Skins
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian
"{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek
"{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional
"{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish
"{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish
"{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian
"{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German
"{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish
"{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Audio Converter_is1" = AVS Audio Converter version 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CHAMP Professional" = CHAMP Professional
"DivX Setup.divx.com" = DivX-Setup
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"LingoPad_is1" = LingoPad 2.5.1 (Build 325)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"ShadowExplorer_is1" = ShadowExplorer 0.8
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Trillian" = Trillian
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.06.2012 19:19:44 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Aplicación con errores iexplore.exe, versión 9.0.8112.16421, marca
 de hora 0x4d76255d, módulo con errores ntdll.dll, versión 6.0.6002.18541, marca
 de tiempo 0x4ec3e3d5, código de excepción 0xc0000374, desplazamiento con errores
 0x000b06b7,  Id. de proceso 0x1118, hora de inicio de la aplicación 0x01cd41ce8dfb93ae.
 
Error - 05.06.2012 20:52:27 | Computer Name = xxx | Source = EventSystem | ID = 4621
Description = 
 
Error - 08.06.2012 21:53:36 | Computer Name = xxx | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.06.2012 21:17:39 | Computer Name = xxx | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.06.2012 21:08:40 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con
 Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control de Informes de problemas
 y soluciones.  Id. de proceso: 5e4  Hora de inicio: 01cd476e7acf4ef4  Hora de finalización:
 30888
 
Error - 10.06.2012 21:26:34 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con
 Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control de Informes de problemas
 y soluciones.  Id. de proceso: 5ac  Hora de inicio: 01cd4770d355f58e  Hora de finalización:
 60000
 
Error - 10.06.2012 21:39:25 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con
 Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control de Informes de problemas
 y soluciones.  Id. de proceso: a58  Hora de inicio: 01cd477215f92bf7  Hora de finalización:
 45453
 
Error - 11.06.2012 08:05:57 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = El programa dwyjifuy.exe, versión 0.0.0.0, dejó de interactuar con
 Windows y se cerró. Para ver si hay más información disponible acerca del problema,
 compruebe el historial de problemas en el panel de control de Informes de problemas
 y soluciones.  Id. de proceso: 3b8  Hora de inicio: 01cd47c917731764  Hora de finalización:
 4
 
Error - 11.06.2012 08:22:00 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.06.2012 09:11:37 | Computer Name = xxx | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.06.2012 09:12:36 | Computer Name = xxx | Source = VSS | ID = 18
Description = 
 
[ System Events ]
Error - 11.06.2012 08:34:47 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 11.06.2012 08:45:08 | Computer Name = xxx | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 11.06.2012 09:11:22 | Computer Name = xxx | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 14:09:42 del 11.06.2012 resultó
 inesperado.
 
Error - 11.06.2012 09:11:31 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 11.06.2012 09:11:37 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 11.06.2012 09:11:55 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 11.06.2012 09:12:36 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 11.06.2012 09:12:49 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.06.2012 09:12:49 | Computer Name = xxx | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.06.2012 09:31:49 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

Edited by Tan Ya (11.06.2012 at 15:07)

13.06.2012, 13:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
My visitor was supposed to do all of that when he comes soon.
What exactly is that supposed to mean?
What exactly is your visitor doing?

13.06.2012, 17:16   #3
Tan Ya

"Visitor will do that" is simply meant to say that you can leave the additional, minor problems unaddressed!!!

Since I don't understand exactly what is in the OTL file, I thought I'd add that my problem is ONLY the Trojan, even if the rest is "untidy" as well.

I just didn't want to make too much work for anyone. Sorry if it sounds more complicated than it is.

By the way, yesterday I managed in safe mode to reset the PC to a state from a few days ago. Now it is running again. Does that mean my Trojan problem is already solved???

13.06.2012, 20:38   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please have Malwarebytes remove all findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything in CODE tags here where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
__________________
Please always post log files in CODE tags

15.06.2012, 15:42   #5
Tan Ya

Hello Arne,

thanks for the quick replies.
My neighbour got everything sorted.
Great, because I had already given up again at "update Malwarebytes"...

I think it's great what you do here, even if it is still too hard for me. Still, in all seriousness, THANK YOU!!!

Best regards,
Tan Ya


15.06.2012, 17:13   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Great, because I had already given up again at "update Malwarebytes"...
That's why we have guides, and updating Malwarebytes is just the push of a button

16.06.2012, 01:24   #7
Tan Ya

Yes.
I'm well aware of that.
But, Arne, it is so much easier to ask a nice neighbour when you are a woman... a deep flutter of the eyelashes, an offer of home-made cake, and the little woman gets helped...
I live in macho-land Spain and I'm glad about the role behaviour that still works!

Still - thank you!

The next time my neighbour has no time, I'll take the time myself and fiddle my way through all the guides that are currently all Greek to me.
Promise!

Regards, Tan Ya
