Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ukash Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.05.2012, 17:46   #1
cross89
 
Ukash Virus - Standard

Ukash Virus



Hallo,

mein Vater hat sich auch den Ukash Virus eingefangen.

Konnte nur noch über den abgesicherten Modus starten.

Daraufhin habe ich alle mir merkwürdig erscheinenden Programme aus msconfig deaktiviert.

dauraufhin konnte ich auch wieder normal starten und auf alles zugreifen.

leider sind meine gesamten Datein von dem Virus befallen und wurden verschlüsselt in normale Dateien ohne Endung. Dazu haben sie verschlüsselte Dateinamen.

Wie bekomme ich die wieder hin, da eine Dateisicherung fehlt...

PS: Virus kam durch eine Email bzw. durch deren Anhang! Inhalt der Email:

---------------------------------------------------------------------

Von: chrisamv@yahoo.co.in
Betreff: 17.05.2012 Artikelerwerb 0191805497

Sehr geehrte/r Kunde/Kundin,

Danke für Ihren Kauf bei CEWEFotobuch, nachfolgend finden Sie Ihre Vertragsbestätigung.

Deine Antragsnummer: 669089716696
Artikel: IBM 3058771357 7495,11 Euro
Rechnungsname: Wie in Vertragsdaten gekennzeichnet


Zahlungsmethode: Paypal

Versandadresse und detaillierte Zahlungsaufforderung finden Sie aus Vorsichtsmassnahmen in beigefügtem Anhang.

Die Zahlung wurde autorisiert und wird innerhalb 4 Tage abgeschrieben.
Kaufeinzelheiten und Widerruf Möglichkeiten finden Sie in beigefügtem Anhang.


Ihr Kundenservice

Mauers GmbH
Bergmannring 41
01276 Bremen

Telefon: (+49) 688 3060756
(Mo-Fr 8.00 bis 19.00 Uhr, Sa 9.00 bis 19.00 Uhr)
Gesellschaftssitz ist Aichtal
Umsatzsteuer-ID: DE673628230
Geschäftsfuehrer: Konstantin Kühn

-------------------------------------------------------------------


Ich denke es ist klar dass er sich nie ein solches Fotobuch bestellt hat! :-D
Nach dem Klick auf den Anhang ist es passiert!


--------------------------------------------------------------------

.DDS Logfile:
Code:
ATTFilter
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by *** at 17:03:36 on 2012-05-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8109.5848 [GMT 2:00]
.
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Hans\Downloads\OTL.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
uPolicies-system: <NO NAME> = 
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableRegedit = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{563250DA-53DD-4DBB-AD49-5B89F481FEC6} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-12 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-29 2655768]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;C:\Windows\system32\DRIVERS\AVMCOWAN.sys --> C:\Windows\system32\DRIVERS\AVMCOWAN.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 FPCIBASE;AVM FRITZ!Card PCI;C:\Windows\system32\DRIVERS\fpcibase.sys --> C:\Windows\system32\DRIVERS\fpcibase.sys [?]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-4-12 690352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 257696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-12 136176]
S4 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-12 136176]
S4 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
.
=============== Created Last 30 ================
.
2012-05-17 14:06:41	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE6B0E80-5643-4125-8A4F-95C58E7A9343}\offreg.dll
2012-05-17 12:31:51	--------	d-----w-	C:\Users\***\AppData\Roaming\Flwpnghm
2012-05-15 08:24:03	--------	d-----w-	C:\Users\***\AppData\Local\Thunderbird
2012-05-15 08:10:57	--------	d-----w-	C:\Users\***\AppData\Local\{EC3DC68E-D8E8-437C-8147-AEE64C667811}
2012-05-15 08:10:34	--------	d-----w-	C:\Users\***\AppData\Local\{874FA3B8-BE50-4950-8209-55BF585779ED}
2012-05-14 17:22:06	476960	----a-w-	C:\Windows\SysWow64\npdeployJava1.dll
2012-05-14 17:22:06	472864	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2012-05-14 17:09:33	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 17:09:33	419488	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-14 09:19:34	--------	d-----w-	C:\Users\***\AppData\Local\{7F0B4E88-53B6-4A08-B560-35C20B66298B}
2012-05-14 09:19:19	--------	d-----w-	C:\Users\***\AppData\Local\{7CD53DE8-74FD-490E-A2C5-6CC26782EA0D}
2012-05-13 19:42:44	--------	d-----w-	C:\Users\***\AppData\Local\{1D086628-0E9E-4991-AD18-F8CE35484B31}
2012-05-13 19:42:41	--------	d-----w-	C:\Users\***\AppData\Local\{2502309F-9927-469E-8828-392612BCE3AB}
2012-05-12 05:57:18	--------	d-----w-	C:\Users\***\AppData\Local\{3E3F6AF7-4D40-40BF-BC24-C1B8D18AEF01}
2012-05-12 05:57:13	--------	d-----w-	C:\Users\***\AppData\Local\{B3645A4B-EF50-448D-8D5D-7FC3D0C48D0D}
2012-05-11 10:04:53	1544704	----a-w-	C:\Windows\System32\DWrite.dll
2012-05-11 10:04:53	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-05-11 10:04:36	5559664	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-11 10:04:36	3968368	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 10:04:36	3146240	----a-w-	C:\Windows\System32\win32k.sys
2012-05-11 10:04:35	3913072	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 09:43:14	75120	----a-w-	C:\Windows\System32\drivers\partmgr.sys
2012-05-11 08:59:09	1918320	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-05-11 08:58:35	1732096	----a-w-	C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 08:58:35	1367552	----a-w-	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 08:58:33	936960	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 08:58:33	1402880	----a-w-	C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 08:58:33	1393664	----a-w-	C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 07:48:32	--------	d-----w-	C:\Users\***\AppData\Local\{559E002D-7436-45F9-A099-7E582359F95D}
2012-05-11 07:48:29	--------	d-----w-	C:\Users\***\AppData\Local\{E8A460E4-F6D2-4BB0-8CD9-54C9B223C9A1}
2012-05-10 07:05:16	--------	d-----w-	C:\Users\***\AppData\Local\{9B1E772A-9416-465C-8C52-403A981AE7F2}
2012-05-10 07:05:10	--------	d-----w-	C:\Users\***\AppData\Local\{6FFF86C4-DFCC-4A8A-8481-2B7A2A008DB1}
2012-05-09 08:34:55	--------	d-----w-	C:\Users\***\AppData\Local\{533391A0-01B6-4892-97BD-C04369334CDB}
2012-05-09 08:34:36	--------	d-----w-	C:\Users\***\AppData\Local\{4F248E98-BB80-4320-AD5A-C13978A5667F}
2012-05-09 07:16:34	--------	d-----w-	C:\Users\***\AppData\Local\{56EF824D-EF16-47E1-972A-D63205C2464F}
2012-05-08 19:42:20	--------	d-----w-	C:\Users\***\AppData\Local\Microsoft Games
2012-05-08 18:56:08	--------	d-----w-	C:\Users\***\AppData\Local\{3FEFCBEA-8AAE-4CA8-A374-0ED9C312E47F}
2012-05-08 09:42:13	--------	d-----w-	C:\Users\***\AppData\Local\{7AE04051-96DF-4AC0-A456-B793653D8251}
2012-05-07 13:16:21	--------	d-----w-	C:\Users\***\AppData\Local\{F5B34B15-C3DF-46C4-BBF2-83609E4693F1}
2012-04-24 16:54:54	--------	d-----w-	C:\Program Files (x86)\Microsoft
2012-04-17 18:23:14	--------	d-----w-	C:\gienger
.
==================== Find3M  ====================
.
2012-03-29 17:02:02	627600	----a-w-	C:\Windows\System32\deployJava1.dll
2012-03-20 11:11:30	162192	----a-w-	C:\Windows\System32\mfevtps.exe
2012-03-01 06:46:16	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-03-01 05:37:41	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-22 11:29:46	75936	----a-w-	C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 11:29:46	65264	----a-w-	C:\Windows\System32\drivers\cfwids.sys
2012-02-22 11:29:46	647208	----a-w-	C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 11:29:46	487296	----a-w-	C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 11:29:46	289664	----a-w-	C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 11:29:46	229528	----a-w-	C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 11:29:46	160792	----a-w-	C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 11:29:46	10248	----a-w-	C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 11:29:46	100912	----a-w-	C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 17:10:33,33 ===============
         
--- --- ---



--------------------------------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29.03.2012 18:57:13
System Uptime: 17.05.2012 15:36:06 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H61M-D2H-USB3
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 419,379 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.3) - Deutsch
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Compatibility Pack für 2007 Office System
D3DX10
Etron USB3.0 Host Controller
Google Toolbar for Internet Explorer
Google Update Helper
InfraRecorder
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 32
Junk Mail filter update
Lexware Info Service
Lexware warenwirtschaft pro 2009
Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50
Lexware warenwirtschaft pro Servicepack Systemdatum 2009
McAfee Online Backup
McAfee Total Protection
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Thunderbird 12.0.1 (x86 de)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 3
Realtek High Definition Audio Driver
RENESIS® Player Browser Plugins
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Servicepack Datumsaktualisierung
StarMoney
StarMoney 8.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================


--------------------------------------------------------------------------
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.05.2012 16:52:16 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Hans\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,83% Memory free
15,84 Gb Paging File | 13,52 Gb Available in Paging File | 85,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 419,39 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hans\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f1241239a9b8229f91ce55d230fad38c\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MOBKbackup) -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (McPvDrv) -- C:\Windows\SysNative\drivers\McPvDrv.sys (McAfee, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MOBKFilter) -- C:\Windows\SysNative\drivers\MOBK.sys (Mozy, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 16 B2 2A C3 18 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {621244B6-774C-4C5B-83BE-EE8A8433B662}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{621244B6-774C-4C5B-83BE-EE8A8433B662}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_deDE483
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.04.15 10:20:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.08 10:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.15 10:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.15 10:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{563250DA-53DD-4DBB-AD49-5B89F481FEC6}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.17 14:31:51 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Flwpnghm
[2012.05.15 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Mozilla
[2012.05.15 10:24:03 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Thunderbird
[2012.05.15 10:24:03 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\Thunderbird
[2012.05.15 10:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.05.15 10:10:57 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{EC3DC68E-D8E8-437C-8147-AEE64C667811}
[2012.05.15 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{874FA3B8-BE50-4950-8209-55BF585779ED}
[2012.05.14 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.05.14 19:22:06 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.05.14 19:22:06 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Macromedia
[2012.05.14 19:09:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.14 19:09:33 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.14 19:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.05.14 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7F0B4E88-53B6-4A08-B560-35C20B66298B}
[2012.05.14 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7CD53DE8-74FD-490E-A2C5-6CC26782EA0D}
[2012.05.13 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{1D086628-0E9E-4991-AD18-F8CE35484B31}
[2012.05.13 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{2502309F-9927-469E-8828-392612BCE3AB}
[2012.05.12 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Google
[2012.05.12 10:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.05.12 10:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.05.12 07:57:18 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{3E3F6AF7-4D40-40BF-BC24-C1B8D18AEF01}
[2012.05.12 07:57:13 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{B3645A4B-EF50-448D-8D5D-7FC3D0C48D0D}
[2012.05.11 12:04:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 12:04:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 12:04:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.11 12:04:35 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.11 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{559E002D-7436-45F9-A099-7E582359F95D}
[2012.05.11 09:48:29 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{E8A460E4-F6D2-4BB0-8CD9-54C9B223C9A1}
[2012.05.10 09:05:16 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{9B1E772A-9416-465C-8C52-403A981AE7F2}
[2012.05.10 09:05:10 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{6FFF86C4-DFCC-4A8A-8481-2B7A2A008DB1}
[2012.05.09 10:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{533391A0-01B6-4892-97BD-C04369334CDB}
[2012.05.09 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{4F248E98-BB80-4320-AD5A-C13978A5667F}
[2012.05.09 09:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.05.09 09:16:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{56EF824D-EF16-47E1-972A-D63205C2464F}
[2012.05.08 21:45:19 | 000,000,000 | R--D | C] -- C:\Users\Hans\Searches
[2012.05.08 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\Microsoft Games
[2012.05.08 20:56:08 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{3FEFCBEA-8AAE-4CA8-A374-0ED9C312E47F}
[2012.05.08 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7AE04051-96DF-4AC0-A456-B793653D8251}
[2012.05.07 15:16:21 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{F5B34B15-C3DF-46C4-BBF2-83609E4693F1}
[2012.05.06 06:05:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.04.24 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.24 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.04.23 18:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.04.17 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\deskcalc
[2012.04.17 20:23:14 | 000,000,000 | ---D | C] -- C:\gienger
[2012.04.17 17:23:49 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\Bank Sicherung Raiba
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.17 16:37:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.17 16:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.17 15:43:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.17 15:43:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.17 15:43:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.17 15:43:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.17 15:43:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.17 15:43:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.17 15:43:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.17 15:40:12 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012.05.17 15:36:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.17 15:36:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.17 15:36:13 | 2082,398,207 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.15 10:24:00 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.05.15 10:08:57 | 026,073,958 | ---- | M] () -- C:\Users\Hans\VAGsJajGjrXgentTJaJ
[2012.05.14 19:21:57 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.05.14 19:21:57 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 19:21:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 19:21:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 19:21:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 19:09:33 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.14 19:09:33 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.14 17:37:33 | 453,044,537 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.12 05:41:22 | 000,367,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320
[2012.05.07 14:04:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.06 12:36:14 | 003,433,984 | ---- | M] () -- C:\Users\Hans\Documents\rTOQpUtLaQtTsyoslQE
[2012.05.01 13:01:37 | 026,023,460 | ---- | M] () -- C:\Users\Hans\egXNlvsAdpuaExD
[2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325
[2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324
[2012.04.23 17:47:21 | 026,020,885 | ---- | M] () -- C:\Users\Hans\gqQpJeqGqOXJtjdsNTLGy
[2012.04.18 18:36:45 | 026,008,467 | ---- | M] () -- C:\Users\Hans\AsEUotlOtjfLuXqGqVsOf
[2012.04.17 22:06:20 | 000,000,031 | ---- | M] () -- C:\Windows\DESKCALC.INI
 
========== Files Created - No Company Name ==========
 
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321
[2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh320
[2012.05.15 10:24:00 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.05.15 10:24:00 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.05.14 19:09:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 10:46:08 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 10:46:07 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.07 14:04:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.04.23 18:12:26 | 453,044,537 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.04.17 22:06:20 | 000,000,031 | ---- | C] () -- C:\Windows\DESKCALC.INI
[2012.04.13 11:06:38 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini
[2012.04.13 11:01:21 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2012.03.29 19:08:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012.03.29 19:05:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.29 19:05:53 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.29 19:05:53 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.29 19:05:53 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.29 19:05:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.29 19:03:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.29 19:03:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.10.27 14:55:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll
 
========== LOP Check ==========
 
[2012.05.17 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Flwpnghm
[2012.05.17 14:40:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\InfraRecorder
[2012.04.13 11:34:25 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Lexware
[2012.05.15 10:24:03 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Thunderbird
[2012.04.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Windows Live Writer
[2009.07.14 07:08:49 | 000,023,814 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

------------------------------------------------------------------------
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.05.2012 16:52:16 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Hans\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,92 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,83% Memory free
15,84 Gb Paging File | 13,52 Gb Available in Paging File | 85,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 419,39 Gb Free Space | 90,06% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0786EDB3-7C34-4F2A-890B-1173ABC41430}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0E5D0F20-DFAB-4896-8BA8-5965A2227F5F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{35F81879-F363-45F7-A9A5-51909F76EAB2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{45A4E810-6843-4211-9F9D-89B4307050E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49BB0048-073A-4474-A80F-3CF33F03511C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4A263D44-7DA5-4537-A8B0-82EAA1D553B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5198D093-4E8C-4063-B288-2D741CDB87A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51AC4ACA-5EE9-4E72-B4D2-ADF9647B3ECF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{580B28BE-B332-4589-89F7-F5251B43D863}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5EE13CF4-2C26-4BD8-A4F6-FDC0AB1380A5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{63D3785C-D091-4B02-8B92-D40D1C8489F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{69800712-9FAA-4C88-A1FC-B3B996243EE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6E553499-CFB9-496D-ADD5-002381B33FA7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{712BAE5F-4559-4CDD-A1E8-0D7ED766347C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7205CCDD-C466-4AD1-955B-304C8332A60D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74522A33-C37E-4D12-BA4C-19971631025A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{797DB5D3-2C84-4823-AF79-1DD8D19010A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8AD1E656-6D1F-40FC-89C1-10EC3D477463}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C3CC8C3-8BAF-4A6E-A85A-56E8810E608E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96FF29F4-09AB-4C30-88F9-7476D87E22E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9AFBF07C-262F-41D6-9DCE-DA79F1E7B5B3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9FAE45B7-E9B7-456F-9CE3-58B74E24D1E3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C2E3596C-1CE0-40B7-AD0B-A14CB7C106B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFEA57BE-14F6-4AD4-B7BC-22CC0CB25D1C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EDCFCA27-2080-4663-92E7-5F04CFC605A3}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016C8076-B003-4FAB-B295-6DF83CAB0950}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{10DC47C2-025F-4BD9-95F9-011AF33AEA74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15167430-7227-4B1F-87A8-3CD3FABA9C45}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1AB4969A-410D-4ED6-BF5B-E407DA9E3233}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{26324441-D7DD-49E9-8E20-0BF73C2F1950}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
"{332D0FA2-FEC0-4826-9084-AE16796B2D19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6668BFC7-2B26-4ECE-B425-8B88F2A78342}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{680C9A3E-86D7-4DC3-AC4C-772E34A86A43}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93775BA9-250A-4A12-9A36-82E0FD36734F}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{991DB5CB-48E0-43AB-8A17-1DD82A9D383A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F6ED1C6-9E71-4371-B51B-03EFE4F94FA8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A2BBA8C7-556B-48CB-BDC6-3862FFD87D74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B94C8605-5B28-4A13-A0EB-D5053583F5EE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{C53CD739-E33E-4913-A466-E4649CA0F4A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CB1E4401-4E29-4875-91FD-F9D0C314AD5B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CE8A2A0D-8259-4F72-ADF0-103E6603DE5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEE14D10-1131-4D9C-86EC-1F959BF051B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D276884C-9527-44F6-9119-A0FC23E6D87B}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | 
"{E22CC2FF-F5B2-4522-8F6E-1938695CA4D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E36541AE-723D-46CF-ACB8-D16494D21BAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E50368A9-0F0F-4D96-B8DE-99ED35AAE454}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6FB3781-0DAD-4B1E-BD99-03087B809AB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB66E2A7-AD98-457F-A0E3-3783D1C21456}" = protocol=6 | dir=out | app=system | 
"{F0BE0072-6CCA-49BD-B597-D682C0EAEDFA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F43C89CD-93ED-492D-BC11-0F30D317196C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCD4BB4C-01FB-4480-96C7-6ABB7588958D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2E290305-56EB-4F91-A7A4-8EB9C6AAA0C3}" = Lexware warenwirtschaft pro Servicepack Systemdatum 2009
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{34D99953-2606-432C-AEE7-B391C6C68474}" = Lexware warenwirtschaft pro 2009
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F66CF90-778F-49CB-A320-43919B73A156}" = Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7016EC53-EE81-42B6-B4FF-18BB103B0AA3}" = Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B398F256-CA15-4D8D-BCF1-DCAFF000198D}" = Lexware warenwirtschaft pro 2009
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CD1C148D-4E12-4D5E-935A-84D6603D1D08}" = StarMoney 8.0 
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5BB8FAD-2BA1-4BA5-A5B5-607676118C47}" = Lexware warenwirtschaft pro Servicepack Systemdatum 2009
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"InfraRecorder" = InfraRecorder
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MSC" = McAfee Total Protection
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2012 08:50:35 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 17.05.2012 08:52:07 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 08:52:41 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description = 
 
Error - 17.05.2012 09:22:30 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 17.05.2012 09:24:03 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 09:24:39 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description = 
 
Error - 17.05.2012 09:31:47 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 09:36:31 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 17.05.2012 09:38:07 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2012 10:17:52 | Computer Name = Hans-PC | Source = MsiInstaller | ID = 11706
Description = 
 
[ System Events ]
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee McShield" ist vom Dienst "McAfee Validation Trust
 Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Firewall Core Service" ist vom Dienst "McAfee Validation
 Trust Protection Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Anti-Spam Service" ist vom Dienst "McAfee Firewall
 Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall 
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  DfsC  discache  mfehidk  mfenlfk  MOBKFilter  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  Wanarpv6
WfpLwf
 
Error - 17.05.2012 09:34:17 | Computer Name = Hans-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.05.2012 09:34:58 | Computer Name = Hans-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.05.2012 09:36:28 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 StarMoney 8.0 OnlineUpdate erreicht.
 
 
< End of report >
         
--- --- ---


-------------------------------------------------------------------------


CCleaner ausgeführt

ach ja weder McAfee noch sämtliche anderen Sicherheitseinrichtungen haben bemerkt, dass es sich bei der Email um einen Virus handelt! Auch t-online nicht über die das Email konto lief!

so denke das war alles...


Vielen dank im Vorraus

mfg

Geändert von cross89 (17.05.2012 um 17:55 Uhr)

Alt 17.05.2012, 17:48   #2
markusg
/// Malware-holic
 
Ukash Virus - Standard

Ukash Virus



hi,
an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert.
wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ:
.eml einstellen.
dann mail an:
http://markusg.trojaner-board.de
dort die soeben erstellte datei anhängen.
wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders.
bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen.
sie können dann dorthin solche verdächtigen mails senden.
diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.

welche programme hast du in msconfig deaktiviert?
wie ist das datei namens chema der verschlüsselten dateien?
__________________

__________________

Alt 17.05.2012, 18:30   #3
cross89
 
Ukash Virus - Standard

Ukash Virus



Thunderbird wurde komplett deaktiviert... und die Emails verschlüsselt oder so...

Anbieter ist T-online.de

Habe folgende Funktionen in der msconfig deaktiviert, da ich diese nicht installierte oder die Funktion als Verdächtig hielt.

deaktivierte dienste: sämtliche google dienste, 1% von McAfee, Microsoft Software Schattenanbieter, Server für Treadsortierung, volumeschattenkopie

deaktivierte systemstartprogramme: Code::Blocks von The Code::BlocksTeam und swg ein google toolbar programm


weiteres ist mir aufgefallen, dass Taskmanager und die Registry deaktiviert wurden!



Würde mich um Hilfe echt freuen!

Namesschema der Verschlüsselten dateien: z.b. AsEUotlOtjfLuXqGqVsOf oder EdjdqOerGyxAJlLVEragf

alles wirre Namen...

Das war ein wichtiger Büro-PC dessen Daten nun verschlüsselt sind...

Wenn ich diese entschlüsseln kann erfolgt sofort eine Sicherung und dann eine formatierung!

Vielen Dank im Vorraus

mfg
__________________

Geändert von cross89 (17.05.2012 um 18:37 Uhr)

Alt 22.05.2012, 19:52   #4
markusg
/// Malware-holic
 
Ukash Virus - Standard

Ukash Virus



hi
versuchs mal hiermit:
http://www.trojaner-board.de/115496-...tml#post831090
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Ukash Virus
acrobat update, autorun, browser, cpu, disabletaskmgr, email, error, excel, firefox, flash player, format, google, helper, home, install.exe, langs, lexware, logfile, mcafee firewall, msiinstaller, notification, object, proxy, realtek, rundll, searchscopes, security, siteadvisor, software, starmoney, svchost.exe, system, ukash virus, usb, usb 3.0, virus, windows, windows 7 home



Ähnliche Themen: Ukash Virus


  1. BKA/UKASH Virus
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (8)
  2. Ukash Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (2)
  3. Ukash - Virus
    Plagegeister aller Art und deren Bekämpfung - 16.01.2013 (15)
  4. Ukash-Virus
    Log-Analyse und Auswertung - 11.01.2013 (7)
  5. Ukash Virus
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (15)
  6. UKash Virus
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (2)
  7. BKA/Ukash Virus
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (28)
  8. Ukash Virus?
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (23)
  9. Virus blockiert PC! Gema Bundestrojaner Virus - 50 euro Ukash?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (4)
  10. Ukash Virus wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 15.03.2012 (1)
  11. 50 € Ukash/Paysafe Virus :(
    Log-Analyse und Auswertung - 21.01.2012 (1)
  12. ukash/BKA - Virus
    Log-Analyse und Auswertung - 14.12.2011 (36)
  13. GEMA ukash virus
    Log-Analyse und Auswertung - 11.12.2011 (54)
  14. BKA Virus - Ukash 100€
    Log-Analyse und Auswertung - 24.11.2011 (22)
  15. Bundespolizei/ukash virus
    Log-Analyse und Auswertung - 05.06.2011 (1)
  16. BKA-Ukash-virus
    Log-Analyse und Auswertung - 21.05.2011 (83)
  17. BKA-Ukash Virus
    Mülltonne - 27.04.2011 (3)

Zum Thema Ukash Virus - Hallo, mein Vater hat sich auch den Ukash Virus eingefangen. Konnte nur noch über den abgesicherten Modus starten. Daraufhin habe ich alle mir merkwürdig erscheinenden Programme aus msconfig deaktiviert. dauraufhin - Ukash Virus...
Archiv
Du betrachtest: Ukash Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.