
Pests of all kinds and how to fight them: Ukash 100€ Bundestrojaner Windows Vista SP 2

17.03.2012, 12:32   #1
Yuumura

Ukash 100€ Bundestrojaner Windows Vista SP 2

Hi,

I've had this virus/trojan on my notebook since this morning.

I have the following restrictions: no internet access anymore (I was still able to update Malwarebytes to the current database), and only safe mode works (I'm currently on my notebook in safe mode with additional network drivers; I'm online right now via a computer).

I did of course read up a little here. I first installed and ran Malwarebytes (without an updated database) and removed the trojan. It was called sdvhalp.exe (or something like that..) and I thought that took care of the problem. Malwarebytes wanted a reboot after removing the malicious software, and I didn't know whether I should go back into safe mode or into normal Windows.

I went into normal Windows and had the problem with the BKA message etc. again...

Then I went back into safe mode (now the internet worked for a short time, which I used to update Malwarebytes; now the internet doesn't work anymore...) and started OTL with the default settings. However, OTL found nothing...

I have now started a new run with Malwarebytes and the updated database, which is still running at the moment...

Here are the logs I have gotten from OTL so far (it would be nice if someone could tell me where Malwarebytes saves its logs; I'd like to post those here too but can't find them in the Malwarebytes installation folder):

OTL Logfile:
Code:
OTL logfile created on: 17.03.2012 11:57:00 - Run 1
OTL by OldTimer - Version 3.2.38.0     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,18% Memory free
6,18 Gb Paging File | 5,49 Gb Available in Paging File | 88,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,79 Gb Total Space | 10,49 Gb Free Space | 4,71% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,75 Gb Free Space | 17,50% Space Free | Partition Type: NTFS
Drive F: | 1,89 Gb Total Space | 1,44 Gb Free Space | 76,32% Space Free | Partition Type: FAT
 
Computer Name: KAIZ-PC | User Name: kaiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.17 10:23:46 | 000,594,944 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.03.14 14:43:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.16 17:29:59 | 000,181,656 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\01015\components\AcroFF015.dll
MOD - [2012.03.14 14:43:26 | 001,014,744 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2011.06.12 13:42:56 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.07 16:53:33 | 003,246,040 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.05.24 22:18:02 | 000,805,032 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Programme\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.08.21 20:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.07.29 09:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash)
SRV - [2008.02.04 13:47:00 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.17 11:50:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.12.20 03:46:50 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.07 16:53:35 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2011.06.07 16:53:26 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV - [2011.06.07 16:53:16 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011.06.07 16:52:48 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.03.30 09:37:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.11.05 11:13:08 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.01.20 14:36:12 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.21 20:42:58 | 000,294,288 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008.07.29 09:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.06.12 08:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.14 17:44:00 | 000,106,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.05.11 09:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {621002F0-960A-4379-979B-CAEAE1E83C77}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{1316BFB3-DB15-4152-B90D-158711C178C4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{621002F0-960A-4379-979B-CAEAE1E83C77}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://elearning.uni-bremen.de/"
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6
FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..network.proxy.backup.ftp: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.zfn.uni-bremen.de"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.11.04 09:54:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011.03.07 06:27:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.17 12:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.14 14:43:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\kaiz\AppData\Roaming\01015 [2012.03.16 17:29:59 | 000,000,000 | ---D | M]
 
[2009.09.26 18:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kaiz\AppData\Roaming\mozilla\Extensions
[2012.03.16 14:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions
[2011.03.11 18:18:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.19 18:32:53 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2011.03.11 18:18:41 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.08.19 18:01:58 | 000,000,000 | ---D | M] (Splitcam Toolbar) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011.03.07 06:19:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.18 13:28:30 | 000,001,755 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\Mozilla\Firefox\Profiles\vlk4svcp.default\searchplugins\googlede-pws.xml
[2011.10.23 16:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.21 15:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.16 19:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.26 10:59:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.14 11:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.23 16:32:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.04 09:54:04 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2009.12.02 09:10:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.21 15:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.16 19:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.26 10:59:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.14 11:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.23 16:32:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012.03.16 17:29:59 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\KAIZ\APPDATA\ROAMING\01015
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.26 12:03:41 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll
[2011.08.24 08:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.24 08:02:05 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.24 08:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.24 08:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.24 08:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\kaiz\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Splitcam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Splitcam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Splitcam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer für Windows\AutoUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Userinit] C:\Users\kaiz\AppData\Roaming\appconf32.exe File not found
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\kaiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\kaiz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) - C:\Users\kaiz\LOCALS~1\Temp\msierbu.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save Page As PDF ... - C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13FD8F68-8067-4579-B2BB-FAE5C38C1CA6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2290004B-F9A2-40B2-A3DF-8868823A9FB9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0A3C12-0C5A-45B3-91D5-A314264D216E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB221257-DBDE-4DC8-9FB7-5C5DC793F78B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5DD2154-5D71-4021-BBE1-B3C134565235}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF5A0625-21B9-468D-A62C-DB6341A859D4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.17 11:43:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.03.17 11:43:25 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\Malwarebytes
[2012.03.17 11:35:01 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2012.03.17 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.17 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.17 10:20:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.17 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.17 10:10:53 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.03.17 08:03:14 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\kodak
[2012.03.16 17:29:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\01015
[2012.03.16 15:23:19 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\UAs
[2012.03.16 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\01014
[2012.03.16 14:37:00 | 000,000,000 | ---D | C] -- C:\Users\kaiz\Local Settings
[2012.03.16 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\xmldm
[2012.03.16 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\kock
[2012.03.04 09:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2012.03.03 23:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.02.25 19:57:30 | 000,000,000 | ---D | C] -- C:\Users\kaiz\Documents\My Digital Editions
[2012.02.25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Local\Kobo
[2012.02.25 19:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2012.02.25 19:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo
[2012.02.23 10:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012.02.23 10:47:23 | 000,541,800 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\Windows\System32\drivers\rtl8192su.sys
[2012.02.23 10:47:13 | 000,614,400 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\System32\Rtlihvs.dll
[2012.02.23 10:47:13 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2012.02.23 10:47:13 | 000,188,416 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\System32\RTLExtUI.dll
[1 C:\Users\kaiz\AppData\Roaming\*.tmp files -> C:\Users\kaiz\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 11:51:56 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.17 11:51:56 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.17 11:51:56 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.17 11:51:56 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.17 11:50:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.03.17 11:47:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.03.17 11:45:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 11:43:44 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 11:43:44 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 10:20:24 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.17 08:20:53 | 000,070,144 | ---- | M] () -- C:\Users\kaiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 08:03:10 | 000,000,016 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\blckdom.res
[2012.03.16 14:44:58 | 000,005,624 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.16 14:44:57 | 000,390,648 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll
[2012.03.16 12:31:16 | 001,756,160 | ---- | M] () -- C:\Users\kaiz\Documents\Biatch test.avi
[2012.03.15 16:36:56 | 000,000,152 | ---- | M] () -- C:\Users\kaiz\Mario.vcf
[2012.03.15 16:02:44 | 000,000,173 | ---- | M] () -- C:\Users\kaiz\Niko Finder.vcf
[2012.03.14 08:28:24 | 002,036,872 | ---- | M] () -- C:\Users\kaiz\Durchsicht.zip
[2012.03.14 00:28:04 | 002,036,722 | ---- | M] () -- C:\Users\kaiz\Betaversion Durchsicht.pdf
[2012.03.10 18:22:02 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2012.03.10 18:19:48 | 002,088,288 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe
[2012.03.08 07:53:50 | 000,000,521 | ---- | M] () -- C:\Users\kaiz\Desktop\24 Di miri 12uhr.rtf
[2012.02.27 11:07:51 | 000,000,918 | ---- | M] () -- C:\Users\kaiz\Desktop\Dropbox.lnk
[2012.02.27 11:07:51 | 000,000,898 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.26 19:38:48 | 000,000,198 | ---- | M] () -- C:\Users\kaiz\Desktop\games ab 3tem Semester...rtf
[2012.02.25 19:52:47 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.02.23 10:50:07 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012.02.19 18:31:30 | 000,003,466 | ---- | M] () -- C:\Windows\System32\savedkey.reg
[2012.02.16 17:51:55 | 000,001,383 | ---- | M] () -- C:\Users\kaiz\Desktop\Essay Quellen.rtf
[1 C:\Users\kaiz\AppData\Roaming\*.tmp files -> C:\Users\kaiz\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.17 10:20:24 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.16 14:44:58 | 000,005,624 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\BAcroIEHelpe.dll
[2012.03.16 14:44:57 | 000,390,648 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll
[2012.03.16 14:44:47 | 000,000,016 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\blckdom.res
[2012.03.16 12:30:51 | 001,756,160 | ---- | C] () -- C:\Users\kaiz\Documents\Biatch test.avi
[2012.03.15 16:36:53 | 000,000,152 | ---- | C] () -- C:\Users\kaiz\Mario.vcf
[2012.03.15 16:02:37 | 000,000,173 | ---- | C] () -- C:\Users\kaiz\Niko Finder.vcf
[2012.03.14 08:28:32 | 002,036,722 | ---- | C] () -- C:\Users\kaiz\Betaversion Durchsicht.pdf
[2012.03.14 08:28:20 | 002,036,872 | ---- | C] () -- C:\Users\kaiz\Durchsicht.zip
[2012.02.25 19:52:47 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.02.23 10:50:07 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012.02.23 10:47:13 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.02.19 18:31:30 | 000,003,466 | ---- | C] () -- C:\Windows\System32\savedkey.reg
[2011.12.13 20:46:10 | 002,523,136 | ---- | C] () -- C:\Windows\System32\svdhalp.exe.ini64
[2010.12.22 01:48:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.04 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\chrtmp

< End of report >
         
--- --- ---


And now the OTL Extras logfile:
Code:
OTL Extras logfile created on: 17.03.2012 11:57:00 - Run 1
OTL by OldTimer - Version 3.2.38.0     Folder = F:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,18% Memory free
6,18 Gb Paging File | 5,49 Gb Available in Paging File | 88,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,79 Gb Total Space | 10,49 Gb Free Space | 4,71% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 1,75 Gb Free Space | 17,50% Space Free | Partition Type: NTFS
Drive F: | 1,89 Gb Total Space | 1,44 Gb Free Space | 76,32% Space Free | Partition Type: FAT
 
Computer Name: KAIZ-PC | User Name: kaiz | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B91A6FF-1F88-41FB-A21B-09B322B34574}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1EED4826-72F3-4E85-B27C-2462B1071FF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{3BD4F2EC-1AD3-4BC1-A95D-845FDD0731C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5FA6D5A1-99BD-411D-9B98-0E4AD60C88E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{63FC8562-F726-4F9C-9C42-6BDF65967335}" = lport=138 | protocol=17 | dir=in | app=system | 
"{71AF5A10-E3FA-4805-BF2B-8F2F8C1F183E}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | 
"{7A98A573-C016-4240-8478-043438AB0527}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7A9FE9FA-AE4B-431C-A63F-007164587C29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{87757F63-7545-4D5F-9300-45CF20B42F95}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A3B2425C-0B97-42B7-A149-D135831E7296}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | 
"{AAFF772F-717B-4383-BEB0-48C85073D13D}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B3A18AF6-0047-4FD9-8002-2ECE16BCEFEB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C71CEB81-52EA-4CCD-87C8-D97F9373AB14}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D69C868E-27D2-482F-90BB-D6BF83D271BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{DEF5C67C-D2D6-4017-B30D-8666B214D849}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | 
"{FAC8A56F-C7A9-40BC-9BC7-64DE8C6B0CDE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD4FD72-EAB9-4857-A8A5-FF01AB45A14B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0FEAAD2F-B523-4BAC-A392-C1AF8548FB9B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{150DF990-C5A0-41FE-8DA3-43F2445D151B}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{1B949941-34A6-48E8-9BE5-F0C9AAA411CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{213353F8-CA9F-457E-BD89-334A442A4A11}" = protocol=6 | dir=in | app=c:\users\kaiz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2AA42179-727C-4481-B83C-E5CB22686882}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3409BA34-E750-4FD0-B976-083672B94CCC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3590FFA2-A670-4DF4-811A-3AEA66CDA777}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{504FF864-62B6-46C7-B4A8-F3051B8A5C18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5E90CA77-B5F2-41D0-B386-6C6579A859EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6A27CBC7-C76F-4E1A-8164-7C90067CCC3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8B359222-2378-410B-8E3E-22575366CA9E}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"{923BBAF1-0CF6-4B1E-8999-F751BEC283F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{977D0C1E-A161-4604-9B3B-00C77BDE44B4}" = protocol=17 | dir=in | app=c:\users\kaiz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C6426A90-B778-4650-B984-36D0A2C92BC8}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{CFFF9AB8-45D6-4871-AC8F-439CC26DA27F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F6502F9E-973C-4EF6-8704-C0F87E0DE79D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F8DF007A-55E1-4CF7-9D6A-B66A0DC9323F}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | 
"TCP Query User{6109D686-BEF9-4D9D-9812-E6C5C39AC7B6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{7CE20C06-E6A9-439E-B12E-87182BDEC066}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{FF2DAD41-4B3F-4DC7-83AF-3D94D7BFE2C3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{51EF4548-2D46-41EE-9199-4AC9BE0D1FCA}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{C8B2E6A3-3615-4026-9045-8A80632D5E92}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FD5E49A0-0441-4DC2-AA7B-021D20B187AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}" = SFV Checker
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer für Windows (Full Package)
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"Complitly_is1" = Complitly
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON SX218 Series" = Druckerdeinstallation für EPSON SX218 Series
"Everything" = Everything 1.2.1.371
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Free FLV Converter_is1" = Free FLV Converter V 7.0.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"Notepad++" = Notepad++
"RealPlayer 6.0" = RealPlayer
"Splitcam Toolbar" = Splitcam Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Dropbox" = Dropbox
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.03.2012 04:57:32 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung zlclient.exe, Version 8.0.20.0, Zeitstempel 
0x48ae34b9, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e037dd, Ausnahmecode 0xc0000096, Fehleroffset 0x000c92a5,  Prozess-ID 0xd14, 
Anwendungsstartzeit 01cd041bd54541d3.
 
Error - 17.03.2012 05:09:55 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description = 
 
Error - 17.03.2012 05:10:04 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_EapHost, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel
 0x4c28d53e, Ausnahmecode 0xc0000006, Fehleroffset 0x0003b7ee,  Prozess-ID 0x45c, 
Anwendungsstartzeit 01cd041d5d91dc5f.
 
Error - 17.03.2012 05:10:04 | Computer Name = kaiz-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\ole32.dll"
 zugegriffen werden:   Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten   Speichertreibern;
 oder der Datenträger fehlt.   Das Programm Hostprozess für Windows-Dienste wurde 
wegen dieses Fehlers geschlossen.    Programm: Hostprozess für Windows-Dienste  Datei:
 C:\Windows\System32\ole32.dll    Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien"
 aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.   Diese Situation ist eventuell
 ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut
 ausgeführt wird.  2.   Wenn Sie weiterhin nicht auf die Datei zugreifen können und   -
 diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator überprüfen,
 dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt
 werden kann.   - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette
 oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in der Computer
 eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK
 ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein,
 und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und
 drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: C0000185  Datenträgertyp:
 3
 
Error - 17.03.2012 05:10:41 | Computer Name = kaiz-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 17.03.2012 06:43:33 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.03.2012 06:43:33 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 17.03.2012 06:47:51 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung winlogon.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01d05, fehlerhaftes Modul winlogon.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01d05, Ausnahmecode 0xc0000006, Fehleroffset 0x0000f708,  Prozess-ID 0x2c0, 
Anwendungsstartzeit 01cd042afca72494.
 
Error - 17.03.2012 06:47:51 | Computer Name = kaiz-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\winlogon.exe"
 zugegriffen werden:   Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger
 mit der gespeicherten Datei bzw. den auf dem Computer installierten   Speichertreibern;
 oder der Datenträger fehlt.   Das Programm Windows-Anmeldeanwendung wurde wegen dieses
 Fehlers geschlossen.    Programm: Windows-Anmeldeanwendung  Datei: C:\Windows\System32\winlogon.exe

Der
 Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. 
Öffnen Sie die Datei erneut.   Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.   Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: C0000185  Datenträgertyp: 3
 
Error - 17.03.2012 06:48:22 | Computer Name = kaiz-PC | Source = EventSystem | ID = 4609
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 05.03.2012 19:02:52 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 00:02:52, Tue, Mar 06, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 06.03.2012 17:16:26 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 22:16:26, Tue, Mar 06, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 06.03.2012 17:16:26 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 22:16:26, Tue, Mar 06, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 07.03.2012 18:47:22 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 23:47:22, Wed, Mar 07, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 10.03.2012 13:20:17 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 18:20:17, Sat, Mar 10, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 10.03.2012 13:20:17 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 18:20:17, Sat, Mar 10, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 13.03.2012 18:57:12 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 23:57:12, Tue, Mar 13, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 13.03.2012 18:57:12 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 23:57:12, Tue, Mar 13, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 17.03.2012 03:22:04 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 08:22:04, Sat, Mar 17, 12 Error - User "" does not have administrative
 privileges on this system 
 
Error - 17.03.2012 03:22:04 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0
Description = 08:22:04, Sat, Mar 17, 12 Error - User "" does not have administrative
 privileges on this system 
 
[ OSession Events ]
Error - 30.03.2011 05:47:02 | Computer Name = kaiz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 129
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.03.2012 06:48:14 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.03.2012 06:48:14 | Computer Name = kaiz-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 17.03.2012 06:48:22 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.03.2012 06:48:24 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.03.2012 06:48:56 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---

Important edit: I do NOT have a CD/DVD drive on the laptop, only USB ports.

Edited by Yuumura (17.03.2012 at 12:40)

17.03.2012, 13:33   #2
Yuumura
 

Here are the logs from Malware after the 2nd run, before deleting

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
kaiz :: KAIZ-PC [administrator]

Protection: Disabled

17.03.2012 12:16:26
mbam-log-2012-03-17 (12-16-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402377
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Data: C:\Users\kaiz\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bad: (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) Good: () -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\kaiz\Local Settings\Temp\msierbu.com (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.

(end)


and here after deleting

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
kaiz :: KAIZ-PC [administrator]

Protection: Disabled

17.03.2012 12:16:26
mbam-log-2012-03-17 (13-29-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402377
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Data: C:\Users\kaiz\AppData\Roaming\appconf32.exe -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bad: (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) Good: () -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\kaiz\Local Settings\Temp\msierbu.com (Spyware.Zeus) -> No action taken.
C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.

(end)


17.03.2012, 15:16   #3
Yuumura
 

So, I have now deleted everything with the current version of Malwarebytes and now everything works normally again...

Are there any tips for getting rid of potential leftovers? I have already run CCleaner.