Pests of all kinds and how to fight them: Win 7: BKA Trojan - Ukash
Windows 7. If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
25.07.2012, 17:49 | #1
Win 7: BKA Trojan - Ukash
Hello, I have a problem with the BKA Trojan. I cannot get into the PC in normal mode. After a few minutes my screen is locked again by the "BKA" (which I can unlock by paying....). In Safe Mode I have no internet, so I cannot download OTL. I would be very grateful for any help! Regards, P.
Last edited by A22 (25.07.2012 at 18:03)
25.07.2012, 18:13 | #2
/// Helper Team | Win 7: BKA Trojan - Ukash
Using a clean second computer, create an OTLPE CD and then boot the infected computer from that CD: If you do not have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
25.07.2012, 18:16 | #3
Win 7: BKA Trojan - Ukash
Hello t'john,
I managed it after all. The OTL log file follows in a moment. Thanks!
OTL Logfile:
Code:
OTL logfile created on: 7/25/2012 7:10:21 PM - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.99 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.20% Memory free
5.98 Gb Paging File | 5.22 Gb Available in Paging File | 87.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 59.03 Gb Free Space | 40.12% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.74 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/25 19:09:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/20 02:09:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 18:46:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 18:46:11 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/01/14 03:26:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/28 03:09:56 | 000,482,992 | ---- | M] (Crawler.com) [Auto | Stopped] -- C:\Program Files\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2011/06/10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2007/12/17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01)

========== Driver Services (SafeList) ==========

DRV - [2012/05/08 18:46:14 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 18:46:14 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/03/02 13:01:44 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/12/07 00:48:29 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/12/07 00:48:29 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/06/21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011/06/10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/08 08:39:36 | 009,935,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/25 23:32:16 | 000,125,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/27 16:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/10/21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008/10/21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008/10/21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008/10/21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008/10/21 11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hiergehtslos.de - Mein Startfenster im Internet
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "gmx.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "128.112.139.82"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.112.139.82"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.112.139.82"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.112.139.82"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.112.139.82"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/13 15:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 02:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 17:56:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/20 02:09:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 17:56:55 | 000,000,000 | ---D | M]

[2011/04/19 17:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012/07/25 10:50:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9odxqsya.default\extensions
[2012/05/17 12:56:20 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9odxqsya.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/06/16 11:36:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9odxqsya.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/05/18 11:16:30 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9odxqsya.default\extensions\ich@maltegoetz.de
[2012/07/05 09:52:31 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9odxqsya.default\extensions\zotero@chnm.gmu.edu
[2011/06/25 23:28:28 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\searchplugins\aol-web-search.xml
[2012/03/19 12:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/07/12 10:09:41 | 000,061,228 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ODXQSYA.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
[2012/02/25 12:04:00 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9ODXQSYA.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012/07/20 02:09:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/25 12:12:28 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/10/02 18:08:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/02 18:08:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/02 18:08:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/02 18:08:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/02 18:08:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/02 18:08:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: Turn Off the Lights = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1_0\
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Verr\u00FCckte Achterbahn = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Evernote Web = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Evernote Web Clipper = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B98CEE83-F7BC-467C-909F-992CC6526E86}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 19:09:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/07/25 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012/07/24 11:53:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Environmental_Economics_of_Developing_Countries-Dokumente
[2012/07/12 00:12:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/07/12 00:12:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/07/12 00:12:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/07/12 00:12:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/07/12 00:12:08 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/07/12 00:12:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/07/12 00:12:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/07/12 00:08:02 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/07/11 22:30:24 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ncrypt.dll
[2012/07/11 22:30:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll
[2012/07/11 22:30:10 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdosys.dll
[2012/07/10 11:14:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Turbo Lister
[2012/07/10 10:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
[2012/07/10 10:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2012/07/10 10:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2012/07/09 16:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\FireArc Arcade
[2012/07/09 14:59:36 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[2012/07/01 23:17:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E6D37B4C-FB8F-4489-801B-C869A793E0DC}
[2012/06/30 18:40:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Archiv

========== Files - Modified Within 30 Days ==========

[2012/07/25 19:20:50 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2012/07/25 19:20:10 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/25 19:17:55 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/25 19:09:15 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012/07/25 19:05:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/25 19:05:16 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 18:44:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 18:44:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 18:25:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 17:44:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012/07/25 17:39:18 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 17:35:46 | 000,001,879 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/25 17:10:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000UA.job
[2012/07/25 13:10:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000Core.job
[2012/07/24 10:58:02 | 000,002,619 | ---- | M] () -- C:\Users\***\Desktop\dateiliste.csv
[2012/07/23 23:08:24 | 000,049,310 | ---- | M] () -- C:\Users\***\Desktop\not.JPG
[2012/07/20 19:37:20 | 000,557,417 | ---- | M] () -- C:\Users\***\Desktop\Intensivsprachkurs.pdf
[2012/07/12 10:18:29 | 000,002,397 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2012/07/12 10:02:45 | 000,428,744 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/07/10 11:03:28 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/07/10 11:03:28 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/07/10 11:03:28 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/07/10 11:03:28 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/07/09 16:01:42 |
000,002,907 | ---- | M] () -- C:\Users\***\Desktop\FireArc Arcade.lnk [2012/07/05 22:31:17 | 000,001,089 | ---- | M] () -- C:\Users\***\Dokumente - Verknüpfung.lnk [2012/07/04 14:28:21 | 000,079,464 | ---- | M] () -- C:\Users\***\Desktop\flug.JPG [2012/07/03 15:39:46 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/06/30 19:41:00 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\R i386 2.15.1.lnk ========== Files Created - No Company Name ========== [2012/07/25 17:35:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad [2012/07/25 17:35:46 | 000,001,879 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/07/23 23:08:13 | 000,049,310 | ---- | C] () -- C:\Users\***\Desktop\not.JPG [2012/07/20 19:37:20 | 000,557,417 | ---- | C] () -- C:\Users\***\Desktop\Intensivsprachkurs.pdf [2012/07/09 16:01:42 | 000,002,907 | ---- | C] () -- C:\Users\***\Desktop\FireArc Arcade.lnk [2012/07/09 16:01:41 | 000,002,867 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FireArc Arcade.lnk [2012/07/05 22:31:17 | 000,001,089 | ---- | C] () -- C:\Users\***\Dokumente - Verknüpfung.lnk [2012/07/04 14:28:18 | 000,079,464 | ---- | C] () -- C:\Users\***\Desktop\flug.JPG [2012/07/03 15:39:46 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012/06/30 19:41:00 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\R i386 2.15.1.lnk [2012/04/02 12:38:03 | 000,000,867 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011/12/01 10:58:34 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy [2011/10/17 19:13:20 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys [2011/05/28 00:38:59 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll [2011/05/28 00:38:58 | 000,000,038 | ---- | 
C] () -- C:\windows\avisplitter.ini [2011/05/28 00:38:53 | 000,631,808 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2011/05/28 00:38:53 | 000,243,200 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2011/05/28 00:38:51 | 000,080,896 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2011/04/21 13:47:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/04/19 17:33:22 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat [2011/04/19 17:33:22 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat [2011/04/19 17:33:22 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat [2011/04/19 17:33:22 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat [2011/04/19 17:33:22 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat [2011/04/19 17:33:22 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat [2011/04/19 17:33:22 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat [2011/04/19 17:33:22 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat [2011/04/19 17:33:22 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat [2011/04/19 17:33:22 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat [2011/04/19 17:33:22 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat [2011/04/19 17:33:22 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat [2011/04/19 17:33:22 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat [2011/04/19 17:33:22 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat [2011/04/19 17:33:22 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat [2011/04/19 17:33:22 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat [2011/04/19 17:33:22 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat [2011/04/19 17:33:22 | 000,001,104 | 
---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat [2011/04/19 17:33:22 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini [2011/04/19 17:30:54 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX400DEFGIPS.ini [2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== LOP Check ========== [2012/03/02 13:04:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012/07/25 17:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011/04/19 23:59:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2011/06/09 11:42:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2011/07/11 13:10:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2012/04/02 12:38:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011/06/03 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Klipfolio [2011/04/20 00:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u [2011/07/11 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012/05/09 17:04:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2011/04/22 22:37:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PlayFirst [2011/05/06 12:26:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2011/12/28 17:13:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2012/07/24 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify [2011/10/17 19:13:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator [2011/04/19 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF [2012/06/13 11:00:31 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE < End of 
report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 7/25/2012 7:10:21 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.20% Memory free 5.98 Gb Paging File | 5.22 Gb Available in Paging File | 87.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 147.15 Gb Total Space | 59.03 Gb Free Space | 40.12% Space Free | Partition Type: NTFS Drive D: | 135.84 Gb Total Space | 135.74 Gb Free Space | 99.93% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07A10F61-7555-4AF3-8A7D-27AF97E8BB5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0FE4FB64-14D7-4693-910C-42B9D546CC64}" = rport=137 | protocol=17 | dir=out | app=system | "{2FF80DEA-2C30-47E5-88C6-6D414B0C32AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{31FC9074-D4E3-4A92-90C7-A29EB6AA8238}" = lport=2869 | protocol=6 | dir=in | app=system | "{39120E27-9458-432B-B614-1C03F665F3D1}" = lport=10243 | protocol=6 | dir=in | app=system | "{40DE9AD1-D00B-46AB-839F-496B302A8A72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4581E5F6-71B7-4E29-960B-832E0A4B83C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{469AC8F5-3A73-41DE-B4DD-E299330C69A8}" = lport=445 | protocol=6 | dir=in | app=system | "{50CBE265-1B0A-45CB-8FFA-0B56D53A5F41}" = rport=139 | protocol=6 | dir=out | app=system | "{590281C5-32DC-4477-8B3B-E332A412BC33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{741787C7-4692-4B2E-A871-A260153C9AA3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{76180859-3A4E-46E1-B850-57AE33709D9C}" = lport=139 | protocol=6 | dir=in | app=system | "{808CA3F3-4649-4BCC-AB0F-0EF2244DA16B}" = lport=138 | protocol=17 | dir=in | app=system | "{82EEDAC6-5312-43C0-ADCB-CD1926693B4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{845EBA6B-E6E1-4DBC-AFFB-F42C24A811FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84F94198-F6ED-40F0-9F12-EB216667C340}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{8EF2C62A-2C54-4B37-ABDF-088B4B77E2F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F655F41-2843-4071-B75B-6E5CE613ED5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D79211A-3A06-4649-B706-B3CCDBB78262}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A0584AA4-38EB-420E-A9B3-18CE9AD61522}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A194B1AC-C884-4E26-B616-0773A46EEFF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A98549C2-3074-4367-964E-7D93CFDC0350}" = lport=137 | protocol=17 | dir=in | app=system | "{B8453859-0E8D-4369-875B-418AEB33C46F}" = rport=138 | protocol=17 | dir=out | app=system | "{C47468FD-7A20-4D10-A97A-4BE88C599823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform 
(upnp) | "{C65E24D8-1733-442B-9B22-1E740B91388F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C84C055B-2CFE-4B19-BFFC-611298B2E62C}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE345DC1-5A80-4FD4-84B9-2E973C70A72D}" = rport=10243 | protocol=6 | dir=out | app=system | "{D1C4078D-64A9-4F6C-9AB7-A2C7164C326A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D2E656FD-8679-4B4D-A6D4-EB2F40F36827}" = rport=445 | protocol=6 | dir=out | app=system | "{E6E0C4C5-F524-4587-988A-3E845E55F304}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EA011834-1861-4D67-95BB-92ECD7A58DAD}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033F12EA-CDE7-4CED-888A-229AEB81FAFD}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{21241067-4948-42AB-8CE9-2BD4230DE2A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{219B8875-B862-4920-A04B-2D1FB88CC6F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2373C57F-C48C-4A9F-8941-51B6634FB95F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{26D9CC65-11BD-4B8B-9649-69A7D41E6386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{273FC779-4321-48B3-A541-D78D85697B1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{29B589BC-F89A-4F69-9104-BC0811419C38}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{2E22DE61-5CD3-46D8-9E8E-42CEFFEEC4F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{311EC75B-45E9-48B0-9D77-CDBC636F1493}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4289C17E-224B-4869-A072-D16D7417DE51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4C7B8125-6D78-4A70-9D89-D128F06FF598}" = protocol=6 | dir=out | app=system | "{4EA1233D-7EA9-4FB5-BE38-7D6A206BA638}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4F5EF214-538D-4457-9BAD-ED02B030CC7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{50AD84C6-CB9F-4960-975D-204E09E70424}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{53BC365B-BF05-43B0-A936-AE908413E47B}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{6C20B2AB-6A47-468C-BB31-3360B351553E}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{70C8FE5C-CB5F-4D3A-8A37-4BCA0537FB73}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{73A89CE8-C770-4A9C-AA94-515609E7CA3D}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | "{73AF65EE-7EBF-41B6-A5D4-124266355E2C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{7D93A87D-C68A-4136-AC77-76E48F49350C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{842DEB30-5FA2-4AEF-BDA5-D0408E340865}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8B5DB944-3C7F-4F6F-A4AE-596463361616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{90E212C7-0577-4456-A594-27BEB5B5F22B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{97D69C64-8F60-438C-808B-1F1309805370}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9EAA2433-28BD-4FA6-9EB8-8CD0ADA79485}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "{A96084F9-4175-4D05-80C9-47C766CB0BE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B2DDC2B1-AE86-4351-9A92-2574F2B3789A}" = protocol=17 | dir=in | 
app=c:\program files\spyware terminator\spywareterminator.exe | "{C7451DAC-5417-4110-911B-4FF36E3E98E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D01D8115-B033-46E5-8539-11EF02BD1709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D69E5506-9791-498F-AE8C-AE61FF9B95DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DC96961F-7C9C-4883-9F60-143B9D9E65DF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{DF0BD2DA-2226-4D1D-8A52-D255A498EADF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E6371E04-6341-457E-A0EE-DF6E61A2113A}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe | "{EB6116DF-3E6E-4708-9466-46205D3FB4A7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{FA179E20-1020-43C6-80E9-25929F5FF170}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{FBEDDD7B-7F69-4A4B-AFA8-88322E710E6A}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{FC5B1CC7-69F7-4A5F-A273-206D6450DF52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{04F2B978-4663-4E57-BEB0-E99E2FF926F1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{1F0DBF26-C6A3-4D7E-98DF-13B64878AA98}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{4644390C-0F91-4E08-B5C4-2F39549EE001}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{6BEDB7FE-CF88-4B88-9EC5-0C8D0D173AA7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query 
User{7D1E21BB-1A46-47B9-8206-78250C107A33}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{85485678-DB62-437D-B408-922734AEA5A7}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "TCP Query User{D99E6E1D-39F8-4771-87CE-716B03F85B10}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{DF3FB731-F3BB-42B4-AB43-309AF561F1DC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{007393EE-449A-495B-8CC7-5B860115D0B7}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{5ACD1152-D0FD-40D0-B3B2-42694886CDC4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{64F1FBD9-6D48-488A-A79E-DA4338F9766F}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{7CDD3C75-5928-4264-9A70-987C3500B67E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{BAC459A9-08F0-4C1B-B33F-5F5D0BB23B16}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | "UDP Query User{C9D2A836-8C8E-48B6-AAAD-E06BBF5CE25D}C:\users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\spotify\spotify.exe | "UDP Query User{E8089321-9CA3-426A-9630-5FCCA0A8D7C2}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query 
User{F705CEA5-915E-42A8-B2E7-DA59B00D965A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0483BE07-260D-4E4D-815E-F737C0A72E40}" = Adobe Flash Player 10 ActiveX "{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = 
DHTML Editing Component "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.104.07010 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries "{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 
- x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8F3EF135-1B7F-44A1-8605-CB84CF9CF615}" = Cisco AnyConnect VPN Client "{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PRO_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CADFD74F-0724-43B4-96A1-93CD18D1FE98}" = FireArc Arcade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.079
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"LastFM_is1" = Last.fm 1.5.4.27091
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PRO" = Microsoft Office Professional 2007
"R for Windows 2.14.2_is1" = R for Windows 2.14.2
"R for Windows 2.15.1_is1" = R for Windows 2.15.1
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 5:09:38 PM | Computer Name = ***-PC | Source = ESENT | ID = 439
Description = Windows (2316) Windows: The shadow header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk could not be written. Error -1032.

Error - 7/17/2012 5:11:50 PM | Computer Name = ***-PC | Source = ESENT | ID = 490
Description = Windows (2316) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read/write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process." Error -1032 (0xfffffbf8) while opening files.

Error - 7/17/2012 5:11:50 PM | Computer Name = ***-PC | Source = ESENT | ID = 439
Description = Windows (2316) Windows: The shadow header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk could not be written. Error -1032.

Error - 7/17/2012 5:29:07 PM | Computer Name = ***-PC | Source = ESENT | ID = 490
Description = Windows (2316) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read/write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process." Error -1032 (0xfffffbf8) while opening files.

Error - 7/17/2012 5:29:07 PM | Computer Name = ***-PC | Source = ESENT | ID = 439
Description = Windows (2316) Windows: The shadow header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk could not be written. Error -1032.

Error - 7/19/2012 4:00:33 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/19/2012 4:01:17 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/19/2012 4:39:12 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/19/2012 4:39:31 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/19/2012 4:43:00 AM | Computer Name = ***-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe". Dependent assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Cisco AnyConnect VPN Client Events ]
Error - 7/25/2012 11:08:06 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5295 Invoked Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 7/25/2012 11:08:06 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5057 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 7/25/2012 11:08:06 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4983 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 7/25/2012 11:37:42 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 7/25/2012 11:37:43 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 7/25/2012 11:38:39 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 7/25/2012 11:47:53 AM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 7/25/2012 12:19:22 PM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 7/25/2012 12:36:45 PM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

Error - 7/25/2012 12:54:03 PM | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function: _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified. File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error: No such file or directory

[ OSession Events ]
Error - 5/16/2011 4:57:17 PM | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7381 seconds with 2460 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/25/2012 1:19:24 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:19:56 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:19:56 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:19:56 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:21:24 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:21:24 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:21:24 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:22:04 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:22:04 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

Error - 7/25/2012 1:22:04 PM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = The "Computer Browser" service depends on the "Server" service, which failed to start because of the following error: %%1068

< End of report >

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.07

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Protection: Disabled

25.07.2012 19:21:12
mbam-log-2012-07-25 (19-21-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187435
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\***\AppData\Local\Temp\rty0_7z.exe (Spyware.Zbot.DG) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Edited by A22 (25.07.2012 at 18:31) |
25.07.2012, 20:34 | #4 |
/// Helper Team | Win 7: BKA Trojan - Ukash

Fix with OTL

Download OTL from OldTimer (if you do not already have it) and save it on your desktop (nowhere else).

Code:
:OTL
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "gmx.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "128.112.139.82"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.112.139.82"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.112.139.82"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "128.112.139.82"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.112.139.82"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\Shell\AutoRun\command - "" = F:\Startme.exe
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
[2011/06/25 23:28:28 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\searchplugins\aol-web-search.xml
[2012/07/25 18:25:00 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 17:44:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012/07/25 17:39:18 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 17:35:46 | 000,001,879 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/07/25 17:10:00 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000UA.job
[2012/07/25 13:10:00 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000Core.job
:Files
C:\autoexec.bat
F:\Startme.exe
ob
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Note for readers: the OTL script above was written exclusively for this user in this situation. Never run it on other computers; it can do lasting damage to other systems! |
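The fix script above is hand-built from the OTL log: the helper singled out the auto-start service in System32 with no publisher (Rezip), the Firefox proxy entries pointing at an outside host, the Run value whose target no longer exists, the Startup shortcut MBAM had already flagged, and the AutoRun command bound to a removable-drive mount point. The Python script below is an added example, not part of this thread and not code from OTL, that applies the same selection rules to OTL-style lines so the triage can be repeated on another log. The sample lines are constructed: most copy entries posted above; the `svchost.exe` service line is a benign control; and the `ctfmon.lnk` Startup line with its `rty0_7z.exe` target is an assumption drawn from the MBAM findings (OTL listed the shortcut only in its file list, without the target).

```python
"""Triage OTL-style log lines for the persistence and proxy indicators that
the fix script in this thread targets.

Added example: not part of the forum thread and not code from the OTL tool.
The sample lines are constructed; most copy entries posted above, the
svchost service line is a benign control, and the ctfmon.lnk Startup line
with its rty0_7z.exe target is an assumption based on the MBAM findings.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


# OTL line shapes, matched strictly so that unrelated lines are ignored.
SRV_RE = re.compile(
    r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[a-z_.]+): "?(?P<val>[^"]*)"?$')
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(
    r"^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?) \((?P<company>[^)]*)\)$")
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')

PROXY_PROTOS = ("http", "ssl", "ftp", "socks", "gopher")
LOOPBACK = {"", "127.0.0.1", "localhost", "::1"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order; the Firefox proxy verdict comes last
    because it combines several prefs.js lines."""
    findings: list[Finding] = []
    proxy: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SRV_RE.match(line):
            # Auto-start service with an empty company string, installed in
            # System32: the shape of Rezip in the log above.
            if not m["company"] and "\\system32\\" in m["path"].lower():
                findings.append(Finding("unattributed-service", f"{m['name']} -> {m['path']}"))
        elif m := FF_PROXY_RE.match(line):
            proxy[m["key"]] = m["val"]
        elif m := O4_RUN_RE.match(line):
            # Run value whose target is gone: dead weight that malware likes
            # to reuse, so the helper cleared it.
            if m["cmd"].endswith("File not found"):
                findings.append(Finding("dangling-run-entry", f"{m['hive']} Run [{m['name']}]"))
        elif m := O4_STARTUP_RE.match(line):
            target = m["target"].lower()
            lnk_name = m["lnk"].rsplit("\\", 1)[-1].lower()
            # A user Startup shortcut into a Temp directory, or one borrowing
            # the name of a Windows component (ctfmon), is the launcher
            # pattern MBAM flagged in this thread.
            if any(t in target for t in TEMP_MARKERS) or lnk_name == "ctfmon.lnk":
                findings.append(Finding("startup-shortcut", f"{m['lnk']} -> {m['target']}"))
        elif m := O33_RE.match(line):
            # AutoRun command bound to a removable-drive mount point.
            findings.append(Finding("mountpoint-autorun", f"{m['guid']} -> {m['cmd']}"))

    hosts = {proxy[p] for p in PROXY_PROTOS if proxy.get(p, "") not in LOOPBACK}
    for host in sorted(hosts):
        ports = sorted({proxy.get(f"{p}_port", "?") for p in PROXY_PROTOS if proxy.get(p) == host})
        # network.proxy.type 0 means "no proxy": the entries are stored but
        # not in use, which is still worth reporting and removing.
        state = "active" if proxy.get("type", "0") != "0" else "configured but type=0"
        findings.append(Finding("firefox-proxy", f"{host}:{','.join(ports)} ({state})"))
    return findings


# Constructed sample, see the module docstring for what is copied and what is assumed.
SAMPLE_LOG = r"""
SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2011/02/25 07:30:54 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\svchost.exe -- (Dhcp)
FF - prefs.js..network.proxy.http: "128.112.139.82"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\Users\***\AppData\Local\Temp\rty0_7z.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O33 - MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\Shell\AutoRun\command - "" = F:\Startme.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it on a saved OTL.txt by passing the file contents to `triage()`. The rules deliberately stay narrow: a service is only reported when both the company string is empty and the binary sits in System32, and a proxy only when its host is not loopback, so the output is a short list to read against the log rather than a verdict. Note the `type=0` caveat: in this thread Firefox was set to "no proxy", so the 128.112.139.82:3127 entries were dormant, which is why removing them cleans up rather than changes live behaviour.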
25.07.2012, 21:03 | #5 |
| Win 7: BKA Trojan - Ukash

Hi, is it OK now?

All processes killed
========== OTL ==========
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "gmx.de" removed from browser.startup.homepage
Prefs.js: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" removed from keyword.URL
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.gopher
Prefs.js: 0 removed from network.proxy.backup.gopher_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "128.112.139.82" removed from network.proxy.ftp
Prefs.js: 3127 removed from network.proxy.ftp_port
Prefs.js: "128.112.139.82" removed from network.proxy.gopher
Prefs.js: 3127 removed from network.proxy.gopher_port
Prefs.js: "128.112.139.82" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "128.112.139.82" removed from network.proxy.socks
Prefs.js: 3127 removed from network.proxy.socks_port
Prefs.js: "128.112.139.82" removed from network.proxy.ssl
Prefs.js: 3127 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Eraser deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify Web Helper deleted successfully.
C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe moved successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk moved successfully.
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e60093b-2049-11e1-bd72-002454828e22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e60093b-2049-11e1-bd72-002454828e22}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e60093b-2049-11e1-bd72-002454828e22}\ not found.
File F:\Startme.exe not found.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\searchplugins\aol-web-search.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\ProgramData\z7_0ytr.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1000Core.job moved successfully.
========== FILES ==========
File\Folder C:\autoexec.bat not found.
File\Folder F:\Startme.exe not found.
File\Folder ob not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ***
->Temp folder emptied: 3355525288 bytes
->Temporary Internet Files folder emptied: 331871605 bytes
->Java cache emptied: 264561 bytes
->FireFox cache emptied: 109469704 bytes
->Google Chrome cache emptied: 367078247 bytes
->Flash cache emptied: 130546 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189493218 bytes
RecycleBin emptied: 36883833 bytes

Total Files Cleaned = 4,187.00 mb

[EMPTYFLASH]

User: ***
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.54.1 log created on 07252012_215010

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\ppt1378.tmp not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DF81C25AAA0763BEB9.TMP not found!
File\Folder C:\Users\***\AppData\Local\Temp\~DFC320C03C06EDB1A1.TMP not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{893F4763-98F3-4B09-AF87-6F6F687EDFDF}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0DAAF41D-C7E0-4E1B-B187-7B826CE87EF2}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3CF92489-2872-4863-A1A4-B801A9A958F5}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{432B7BA0-2668-44EF-BA53-4F2CA9A45941}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D340EEF-2A7B-43BE-A67A-F9AE1C4BDEB0}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AA93BA93-627C-42BC-970B-7EF1C90CC5D5}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E60A826F-DA4D-44AC-99FC-01674DD5B970}.tmp moved successfully.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\25E0CF77.wmf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42F24B18.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\45916039.wmf not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4CC7E3C6.dat moved successfully.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5463B0B3.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D3428FA.wmf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89035CE.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2D7DEC1.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1B2F30C.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D13B07FB.wmf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DF191F9D.wmf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ECB069C0.emf not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso733F.tmp not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7449.tmp not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7592.tmp not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso760F.tmp not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7A9F.tmp not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoE7C1.tmp not found!

PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\ppt1378.tmp not found!
File C:\Users\***\AppData\Local\Temp\~DF81C25AAA0763BEB9.TMP not found!
File C:\Users\***\AppData\Local\Temp\~DFC320C03C06EDB1A1.TMP not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{893F4763-98F3-4B09-AF87-6F6F687EDFDF}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0DAAF41D-C7E0-4E1B-B187-7B826CE87EF2}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3CF92489-2872-4863-A1A4-B801A9A958F5}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{432B7BA0-2668-44EF-BA53-4F2CA9A45941}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6D340EEF-2A7B-43BE-A67A-F9AE1C4BDEB0}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AA93BA93-627C-42BC-970B-7EF1C90CC5D5}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E60A826F-DA4D-44AC-99FC-01674DD5B970}.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\25E0CF77.wmf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\42F24B18.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\45916039.wmf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4CC7E3C6.dat not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5463B0B3.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6D3428FA.wmf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89035CE.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A2D7DEC1.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C1B2F30C.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D13B07FB.wmf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DF191F9D.wmf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ECB069C0.emf not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso733F.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7449.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7592.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso760F.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso7A9F.tmp not found!
File C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoE7C1.tmp not found!

Registry entries deleted on Reboot... |
25.07.2012, 21:33 | #6
/// Helper Team | Win 7: BKA Trojaner - Ukash

Very good! How is the computer running?

Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.

Then:

Step 2: Please download AdwCleaner to your desktop.
26.07.2012, 00:26 | #7
Win 7: BKA Trojaner - Ukash

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.25.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

25.07.2012 22:10:29
mbam-log-2012-07-25 (22-10-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398152
Laufzeit: 3 Stunde(n), 13 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Step 2 will follow tomorrow. Thank you already!! The computer is running "normally". Everything works as it should.

Good morning, attached is the log file for AdwCleaner.
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 10:58:58
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\***\AppData\Roaming\pdfforge
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\WinampToolbarData
Folder Found : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Program Files\Winamp Toolbar
Folder Found : C:\Program Files\Common Files\Software Update Utility
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Winamp Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\prefs.js

Found : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 19);
Found : user_pref("aol_toolbar.surf.date", "7");
Found : user_pref("aol_toolbar.surf.lastDate", "19");
Found : user_pref("aol_toolbar.surf.lastMonth", "6");
Found : user_pref("aol_toolbar.surf.lastYear", "2011");
Found : user_pref("aol_toolbar.surf.month", "7037");
Found : user_pref("aol_toolbar.surf.prevMonth", "3312");
Found : user_pref("aol_toolbar.surf.total", "10370");
Found : user_pref("aol_toolbar.surf.week", "25");
Found : user_pref("aol_toolbar.surf.year", "10348");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "name": "Winamp Application Detector",
Found : "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [6900 octets] - [26/07/2012 10:58:58]

########## EOF - C:\AdwCleaner[R1].txt - [7028 octets] ##########
26.07.2012, 10:59 | #8
/// Helper Team | Win 7: BKA Trojaner - Ukash

Very good!

Then: malware scan with Emsisoft Anti-Malware

Download the free version from => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten" (Update now). Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Bericht speichern" (Save report) to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
26.07.2012, 12:13 | #9
Win 7: BKA Trojaner - Ukash

# AdwCleaner v1.703 - Logfile created 07/26/2012 at 13:05:47
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\***\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\WinampToolbarData
Folder Deleted : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Winamp Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\user.js ... Deleted !

Deleted : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 19);
Deleted : user_pref("aol_toolbar.surf.date", "7");
Deleted : user_pref("aol_toolbar.surf.lastDate", "19");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Deleted : user_pref("aol_toolbar.surf.month", "7037");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "3312");
Deleted : user_pref("aol_toolbar.surf.total", "10370");
Deleted : user_pref("aol_toolbar.surf.week", "25");
Deleted : user_pref("aol_toolbar.surf.year", "10348");

-\\ Google Chrome v20.0.1132.57

File : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "name": "Winamp Application Detector",
Deleted : "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [7029 octets] - [26/07/2012 10:58:58]
AdwCleaner[R2].txt - [7208 octets] - [26/07/2012 13:05:07]
AdwCleaner[S1].txt - [7405 octets] - [26/07/2012 13:05:47]

########## EOF - C:\AdwCleaner[S1].txt - [7533 octets] ##########
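The [Search] run in post #7 and the [Delete] run in post #9 list the same Winamp Toolbar adware findings before and after cleanup, and the only way to know the cleanup was complete is to reconcile the two. The script below is an added example, not the forum's or AdwCleaner's own code: it parses the "Folder/File/Key/Value Found" and "Deleted" lines of both logs, reports findings that were never deleted, and flags deletions that had no matching finding (in the thread that is the AuthRoot certificate key, which appears only in the delete run). The two log excerpts are constructed from the posts above, and one folder is deliberately left out of the delete excerpt so the check has something to report; the "Pref" type label for browser preference lines is the example's own naming.

```python
"""Reconcile an AdwCleaner [Search] log against the later [Delete] log."""
import re

# One AdwCleaner result line: optional object type, action, and target.
# Browser preference lines carry no type ("Found : user_pref(...)"), so the
# type group is optional; the example labels those "Pref" (its own naming).
ENTRY_RE = re.compile(
    r"^(?:(Folder|File|Key|Value)\s+)?(Found|Deleted)\s*:\s*(.+?)\s*$"
)

# Constructed excerpt of the [Search] run (post #7).
SEARCH_LOG = r"""
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 10:58:58
# Option [Search]
***** [Files / Folders] *****
Folder Found : C:\Users\***\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\Winamp Toolbar
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
***** [Internet Browsers] *****
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\prefs.js
Found : user_pref("aol_toolbar.surf.total", "10370");
"""

# Constructed excerpt of the [Delete] run (post #9). The pdfforge folder is
# intentionally missing here; the AuthRoot certificate key appears only in
# the delete run, exactly as in the thread.
DELETE_LOG = r"""
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 13:05:47
# Option [Delete]
Folder Deleted : C:\ProgramData\Winamp Toolbar
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Key Deleted : HKLM\SOFTWARE\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\9odxqsya.default\user.js ... Deleted !
Deleted : user_pref("aol_toolbar.surf.total", "10370");
"""


def parse_entries(log_text):
    """Return {(type, target): action} for every result line in the log.

    Header lines, section banners and the bare "File : ..." lines that only
    name the preference file being inspected do not match and are skipped.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            kind, action, target = m.groups()
            entries[(kind or "Pref", target)] = action
    return entries


def reconcile(search_log, delete_log):
    """Split findings into removed / still present / deleted-but-never-found."""
    found = {k for k, a in parse_entries(search_log).items() if a == "Found"}
    deleted = {k for k, a in parse_entries(delete_log).items() if a == "Deleted"}
    return {
        "removed": sorted(found & deleted),
        "still_present": sorted(found - deleted),
        "unexpected_deletions": sorted(deleted - found),
    }


if __name__ == "__main__":
    result = reconcile(SEARCH_LOG, DELETE_LOG)
    for bucket, items in result.items():
        print(f"{bucket}: {len(items)}")
        for kind, target in items:
            print(f"  {kind:6} {target}")
```

Run it against the full text of the two logs and an empty "still_present" list is the completeness check; anything in "unexpected_deletions" deserves a second look, because a certificate-store key is not something a toolbar uninstall normally touches and the search run gave no warning that it would go.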
26.07.2012, 12:50 | #10
/// Helper Team | Win 7: BKA Trojaner - Ukash

Emsisoft log?
26.07.2012, 14:14 | #11
Win 7: BKA Trojaner - Ukash

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 7/26/2012 1:14:50 PM

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 7/26/2012 1:25:06 PM

Gescannt 660477
Gefunden 0

Scan Ende: 7/26/2012 3:09:55 PM
Scan Zeit: 1:44:49
26.07.2012, 14:17 | #12
/// Helper Team | Win 7: BKA Trojaner - Ukash

Very good! Let it delete the findings, then:

Uninstall: Emsisoft Anti-Malware

ESET Online Scanner: preparation
26.07.2012, 20:02 | #13
Win 7: BKA Trojaner - Ukash

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cc795cefd3287b47a54cafcd460dda67
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-26 06:51:50
# local_time=2012-07-26 08:51:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 24460898 24460898 0 0
# compatibility_mode=5893 16776573 100 94 7863 94940584 0 0
# compatibility_mode=7937 16777214 28 75 2412703 13596319 0 0
# compatibility_mode=8192 67108863 100 0 93 93 0 0
# scanned=280317
# found=1
# cleaned=1
# scan_time=19318
C:\Users\***\Downloads\vlc-1.1.11-win32.exe	Win32/StartPage.OIE trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
26.07.2012, 20:05 | #14
/// Helper Team | Win 7: BKA Trojaner - Ukash

Update Java

Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.

Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
26.07.2012, 21:14 | #15
Win 7: BKA Trojaner - Ukash

Thank you very, very much!!! I have updated my Java, uninstalled the old versions, and configured everything as advised. Can I uninstall Malwarebytes Anti-Malware and OTL, or should they rather stay installed?