
Pests of all kinds and how to fight them: GVU / Ukash trojan

05.08.2012, 00:18   #1
bullahoch2
 
Hello,

I have now fallen victim to the Ukash trojan for the second time - but this time in a different version (is it already known?), see attachment. What can/should I do?

Thanks in advance for the help,

flo.
Thumbnails of attached images
gvu / ukash-trojaner-ukash.jpg

05.08.2012, 02:35   #2
t'john
/// Helper Team
 
From a clean PC, download OTL.exe onto a USB stick.
Start the infected computer without an Internet connection. Copy OTL.exe to the desktop and create a log.

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
- Double-click OTL.exe
- Vista users: right-click OTL.exe and choose "Run as administrator"
- At the top you will find a box labelled Output. Please select Minimal Output
- Under Extra Registry, please select Use SafeList
- Now click Run Scan at the top left
- When the scan has finished, 2 log files are created
- Post the log files here in the thread.

06.08.2012, 10:24   #3
bullahoch2
 
OK, I've done that. Here are the log files:

otl.txt
OTL Logfile:
Code:
OTL logfile created on: 06.08.2012 10:09:08 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Dokumente und Einstellungen\flo\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,48% Memory free
3,84 Gb Paging File | 2,81 Gb Available in Paging File | 73,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 0,90 Gb Free Space | 4,85% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 1,03 Gb Free Space | 5,55% Space Free | Partition Type: NTFS
Drive F: | 1,81 Gb Total Space | 0,43 Gb Free Space | 23,65% Space Free | Partition Type: FAT
Drive I: | 931,51 Gb Total Space | 352,44 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive M: | 7,40 Gb Total Space | 7,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tcserver.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tabtip.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\keyboardsurrogate.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
PRC - C:\Programme\Adobe\Adobe Photoshop CS2\Photoshop.exe (Adobe Systems, Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp ()
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp ()
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\abby0_tar.exe ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_9b74dfc2\system.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_9c17092b\mscorlib.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU ()
MOD - C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll ()
MOD - c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Join Air\AssistantServices.exe ()
MOD - C:\WINDOWS\system32\HP1100LM.DLL ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\sfklg.dll ()
MOD - C:\Programme\Exifer\ExiferShellExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (hasplms) -- C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (Mnlicnxdmw) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found
DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
DRV - (ajt0mnte) --  File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
DRV - (omyivm) -- C:\WINDOWS\system32\drivers\psma.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (mvusbews) -- C:\WINDOWS\system32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ATSWPDRV) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments)
DRV - (wisdpen) -- C:\WINDOWS\system32\drivers\wisdpen.sys (Wacom Technology)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O)
DRV - (Ca536av) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera)
DRV - (USBCamera) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.1.0.0"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.1.0.0"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011.03.16 14:01:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.31 13:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.21 00:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.29 11:24:00 | 000,000,000 | ---D | M]
 
[2011.03.15 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Extensions
[2012.08.05 10:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions
[2011.11.23 01:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.08.02 22:10:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.16 01:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml
[2012.03.20 10:17:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.10 17:47:36 | 000,292,116 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
[2012.01.21 00:49:31 | 000,025,781 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
[2012.07.31 13:37:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.06 01:16:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 15:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll
[2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll
[2012.06.25 10:38:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 10:38:46 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.25 10:38:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 10:38:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 10:38:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 10:38:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.11 03:52:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe ()
O4 - HKCU..\Run: [Infium] "C:\Programme\QIP 2012\qip.exe" /autorun File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1112610A-13BC-453D-BD87-A101219290C4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (sfklg.dll) - C:\WINDOWS\System32\sfklg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\loginkey: DllName - (C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 10:08:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe
[2012.08.06 01:58:50 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.07.08 18:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.07.08 18:35:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Canneverbe Limited
[2012.07.08 18:35:00 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2012.04.22 00:28:39 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programme\UPI32.dll
[2012.04.22 00:28:36 | 000,674,664 | ---- | C] (Autodesk, Inc.) -- C:\Programme\SetupUi.dll
[2012.04.22 00:28:35 | 000,672,616 | ---- | C] (Autodesk, Inc.) -- C:\Programme\SetupAcadUi.dll
[2012.04.22 00:28:30 | 001,049,240 | ---- | C] (Autodesk, Inc.) -- C:\Programme\PatchMgr.dll
[2012.04.22 00:28:26 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcr90.dll
[2012.04.22 00:28:25 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcp90.dll
[2012.04.22 00:28:24 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcm90.dll
[2012.04.22 00:28:18 | 000,106,344 | ---- | C] (Autodesk, Inc.) -- C:\Programme\LiteHtml.dll
[2012.04.22 00:28:15 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Programme\gdiplus.dll
[2012.04.22 00:28:13 | 000,550,248 | ---- | C] (Autodesk, Inc.) -- C:\Programme\DeployUi.dll
[2012.04.22 00:27:26 | 000,182,632 | ---- | C] (Autodesk) -- C:\Programme\adlmutil.dll
[2012.04.22 00:27:25 | 001,245,032 | ---- | C] (Autodesk) -- C:\Programme\adlmPIT.dll
[2012.04.22 00:27:03 | 000,087,704 | ---- | C] (Autodesk, Inc.) -- C:\Programme\AcSetup.dll
[2012.04.22 00:25:56 | 000,451,944 | ---- | C] (Autodesk, Inc.) -- C:\Programme\setup.exe
[2012.04.22 00:23:56 | 000,161,640 | ---- | C] (Autodesk, Inc.) -- C:\Programme\AcDelTree.exe
[2011.04.02 18:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll
[2011.03.16 14:36:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdm.sys
[2011.03.16 14:36:36 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmserd.sys
[2011.03.16 14:36:36 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmbus.sys
[2011.03.16 14:36:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermptxp.sys
[2011.03.16 14:36:36 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermpt.sys
[2011.03.16 14:36:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdfl.sys
[2011.03.16 14:36:36 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcmnt.sys
[2011.03.16 14:36:36 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmwhnt.sys
[2011.03.16 14:36:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcr.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 10:16:44 | 043,882,460 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat
[2012.08.06 09:58:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe
[2012.08.06 09:40:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 09:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.06 08:43:54 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.06 07:40:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 01:58:30 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk
[2012.08.05 13:56:48 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.05 13:56:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\psma.sys
[2012.08.05 10:21:25 | 000,449,782 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.08.05 10:21:25 | 000,433,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.08.05 10:21:25 | 000,080,750 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.08.05 10:21:25 | 000,068,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.08.05 10:19:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.05 10:19:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.05 00:45:31 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad
[2012.08.05 00:42:40 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.04 22:35:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.04 22:35:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.02 18:20:26 | 000,000,782 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI
[2012.07.23 18:57:37 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.23 06:47:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.09 18:16:03 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2012.07.09 18:16:03 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2012.07.09 18:16:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2012.07.09 18:16:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2012.07.09 18:16:03 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2012.07.09 18:16:03 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2012.07.09 18:16:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2012.07.09 18:16:03 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2012.07.08 18:35:02 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 13:56:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\psma.sys
[2012.08.05 00:07:52 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad
[2012.08.05 00:07:52 | 000,001,608 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.08 18:35:02 | 000,001,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk
[2012.07.08 18:35:02 | 000,001,520 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk
[2012.07.08 18:35:01 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.04.25 15:07:32 | 000,340,480 | ---- | C] () -- C:\WINDOWS\System32\K8062e.exe
[2012.04.25 15:07:32 | 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\Easylase.dll
[2012.04.25 15:07:32 | 000,301,056 | ---- | C] () -- C:\WINDOWS\System32\usbdmxfs.dll
[2012.04.25 15:07:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usb_dll.dll
[2012.04.25 15:07:32 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\DMX510Vb.dll
[2012.04.25 15:07:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dashardvb.dll
[2012.04.25 15:07:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EspionDll.dll
[2012.04.25 15:07:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx60.dll
[2012.04.25 15:07:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx120.dll
[2012.04.25 15:07:32 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
[2012.04.25 15:07:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\LPT_dmx.dll
[2012.04.25 15:07:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPUSBAPI.DLL
[2012.04.25 15:07:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\usbdmxsi.dll
[2012.04.25 15:07:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FASTTime32.dll
[2012.04.25 15:07:32 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlportio.sys
[2012.04.25 15:07:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll
[2012.04.22 00:23:56 | 000,000,043 | ---- | C] () -- C:\Programme\autorun.inf
[2012.04.22 00:23:54 | 000,015,331 | ---- | C] () -- C:\Programme\Setup.ini
[2012.03.28 08:01:39 | 043,882,460 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat
[2012.03.15 00:53:11 | 000,001,634 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.03.15 00:41:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT
[2012.03.08 12:55:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.03.08 12:55:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.03.08 12:55:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.03.08 12:55:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.03.08 12:55:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.03.07 12:11:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.11 23:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe
[2012.02.11 23:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat
[2012.02.11 23:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe
[2012.02.11 23:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2012.02.11 23:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2012.02.11 23:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2012.02.11 12:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2012.02.10 13:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2012.01.14 18:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2012.01.14 17:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2012.01.14 17:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2012.01.14 17:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2012.01.14 17:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2012.01.14 17:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2012.01.14 17:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2011.12.23 13:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.12.23 09:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011.09.12 20:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011.09.12 20:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011.08.05 13:24:02 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2011.07.28 19:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2011.07.28 19:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2011.07.28 19:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011.07.28 19:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2011.07.18 17:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011.06.21 11:11:53 | 000,008,424 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.04.11 21:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2011.04.06 17:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat
[2011.04.06 17:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat
[2011.04.06 17:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat
[2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat
[2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat
[2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat
[2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat
[2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat
[2011.04.06 17:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat
[2011.04.06 17:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat
[2011.04.06 17:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat
[2011.04.06 17:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat
[2011.04.06 17:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat
[2011.04.06 17:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat
[2011.04.06 17:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat
[2011.04.06 17:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat
[2011.04.06 17:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat
[2011.04.06 17:01:19 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap082.dat
[2011.04.06 17:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat
[2011.04.06 17:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat
[2011.04.06 17:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat
[2011.04.06 17:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat
[2011.04.06 17:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat
[2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat
[2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat
[2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat
[2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat
[2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat
[2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat
[2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat
[2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat
[2011.04.06 17:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat
[2011.04.06 17:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat
[2011.04.06 17:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat
[2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat
[2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat
[2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat
[2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat
[2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat
[2011.04.06 17:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat
[2011.04.06 17:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap003.dat
[2011.04.06 17:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat
[2011.04.06 17:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat
[2011.04.06 17:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat
[2011.04.06 16:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2011.04.06 16:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini
[2011.03.23 20:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011.03.23 20:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011.03.23 20:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011.03.23 19:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2011.03.21 18:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI
[2011.03.21 17:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI
[2011.03.21 17:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2011.03.21 16:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll
[2011.03.20 00:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.18 10:55:30 | 000,000,782 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI
[2011.03.18 10:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2011.03.18 10:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2011.03.18 10:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.03.16 14:36:36 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_MDM.INF
[2011.03.16 14:36:36 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_BRIT.INF
[2011.03.16 14:36:36 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000.INF
[2011.03.16 14:36:36 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_BUS.INF
[2011.03.16 14:36:36 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000XP.INF
[2011.03.16 14:36:36 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_A1000.INF
[2011.03.16 14:36:36 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_CMCS_2000.INF
[2011.03.16 14:36:36 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_SDM.INF
[2011.03.16 01:09:20 | 000,052,224 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 13:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.15 03:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.03.15 02:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.15 02:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.15 02:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.03.15 01:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.15 01:40:35 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD

< End of report >
         
--- --- ---


extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 06.08.2012 10:09:08 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Dokumente und Einstellungen\flo\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,48% Memory free
3,84 Gb Paging File | 2,81 Gb Available in Paging File | 73,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 0,90 Gb Free Space | 4,85% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 1,03 Gb Free Space | 5,55% Space Free | Partition Type: NTFS
Drive F: | 1,81 Gb Total Space | 0,43 Gb Free Space | 23,65% Space Free | Partition Type: FAT
Drive I: | 931,51 Gb Total Space | 352,44 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive M: | 7,40 Gb Total Space | 7,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE" = C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE:*:Enabled:1&1 SoftPhone -- (1&1 Internet AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Programme\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Programme\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Programme\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\FreeStyler\FreeStyler512.exe" = D:\FreeStyler\FreeStyler512.exe:*:Enabled:FreeStyler512
"C:\Programme\QIP 2012\qip.exe" = C:\Programme\QIP 2012\qip.exe:*:Enabled:QIP 2012
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{09266808-537A-43C1-8B4D-D411169F1E3B}" = Garmin Training Center
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2
"1&1 SmartFax" = 1&1 SmartFax
"1&1 SoftPhone" = 1&1 SoftPhone
"3D4You22 2009_is1" = 3D4You22 2009
"4.0M MPEG4 DV" = 4.0M MPEG4 DV
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ALZip_is1" = ALZip
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"ASIO4ALL" = ASIO4ALL
"Avidemux 2.5" = Avidemux 2.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Exifer_is1" = Exifer
"Feurio" = Feurio! CD-Writer
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"FL Studio 9" = FL Studio 9
"Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.784
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"GPL Ghostscript 9.05" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hippsoft hsWebCam_is1" = Hippsoft hsWebCam 1.09.0000
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HS2_is1" = Steinberg Hypersonic 2
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"ONENOTE" = Microsoft Office OneNote 2007
"Orbit_is1" = Orbit Downloader
"Samplitude SE No.9 D" = Samplitude SE No.9 9.1.1.1 (D)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.1.7
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WacomPenabled" = Wacom Pen Driver 2.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"QIP 2005" = QIP 2005 8095
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.07.2012 14:35:02 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 28.07.2012 15:13:41 | Computer Name = FLOPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.07.2012 07:26:59 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nitro_pipassistant.exe, Version 2.3.1.7,
 fehlgeschlagenes Modul msvcr100.dll, Version 10.0.40219.1, Fehleradresse 0x0008d6fd.
 
Error - 31.07.2012 14:35:33 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 02.08.2012 04:35:03 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 02.08.2012 10:35:17 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 02.08.2012 11:35:18 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 02.08.2012 15:35:02 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
 
Error - 03.08.2012 00:43:53 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 14.0.1.4577,
 fehlgeschlagenes Modul npgarmin.dll, Version 3.0.1.0, Fehleradresse 0x004aa177.
 
Error - 04.08.2012 05:33:13 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 14.0.1.4577,
 fehlgeschlagenes Modul npgarmin.dll, Version 3.0.1.0, Fehleradresse 0x004aa177.
 
[ OSession Events ]
Error - 15.03.2011 20:02:45 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 376
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2011 15:02:01 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6927
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2011 15:02:20 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2011 15:02:39 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 01.04.2011 15:02:52 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.08.2012 05:19:58 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 04.08.2012 05:20:05 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 04.08.2012 11:49:56 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 04.08.2012 11:50:02 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 04.08.2012 16:08:09 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 04.08.2012 16:08:14 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 04.08.2012 18:12:15 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 04.08.2012 18:12:21 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
Error - 05.08.2012 04:19:47 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%1058
 
Error - 05.08.2012 04:19:57 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet:
   %%2147500037
 
 
< End of report >
         
--- --- ---
__________________

06.08.2012, 16:01   #4
t'john
/// Helper Team

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (not anywhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp () 
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp () 
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe () 
DRV - (WDICA) -- File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (Mnlicnxdmw) -- File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (i2omgmt) -- File not found 
DRV - (Changer) -- File not found 
DRV - (catchme) -- C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found 
DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found 
DRV - (ajt0mnte) -- File not found 
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
FF - prefs.js..browser.search.defaultenginename: "" 
FF - prefs.js..browser.search.param.yahoo-fr: "" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "about:blank" 
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0" 
FF - prefs.js..network.proxy.backup.ftp_port: "" 
FF - prefs.js..network.proxy.backup.socks: "" 
FF - prefs.js..network.proxy.backup.socks_port: "" 
FF - prefs.js..network.proxy.backup.ssl: "" 
FF - prefs.js..network.proxy.backup.ssl_port: "" 
FF - prefs.js..network.proxy.ftp: "10.1.0.0" 
FF - prefs.js..network.proxy.ftp_port: 8080 
FF - prefs.js..network.proxy.http: "10.1.0.0" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "10.1.0.0" 
FF - prefs.js..network.proxy.socks_port: 8080 
FF - prefs.js..network.proxy.ssl: "10.1.0.0" 
FF - prefs.js..network.proxy.ssl_port: 8080 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
O4 - HKCU..\Run: [Infium] "C:\Programme\QIP 2012\qip.exe" /autorun File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O32 - HKLM CDRom: AutoRun - 0 


[2012.08.06 09:40:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.06 09:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job 
[2012.08.06 07:40:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.05 13:56:48 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk 

[2012.08.05 00:45:31 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad 

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created solely for this user in this situation.
Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!
__________________
Regards, t'john
Support the TB

06.08.2012, 21:43   #5
bullahoch2

Code:
ATTFilter
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File  File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File  File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File  File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File  File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File  File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File  File not found not found.
Error: No service named Mnlicnxdmw was found to stop!
Service\Driver key Mnlicnxdmw not found.
File  File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File  File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File  File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File  File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found not found.
Service appliandMP stopped successfully!
Service appliandMP deleted successfully!
File  system32\DRIVERS\appliand.sys File not found not found.
Error: No service named ajt0mnte was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ajt0mnte deleted successfully.
File  File not found not found.
Service AgereSoftModem stopped successfully!
Service AgereSoftModem deleted successfully!
File  system32\DRIVERS\AGRSM.sys File not found not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "about:blank" removed from browser.startup.homepage
Prefs.js: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 removed from extensions.enabledItems
Prefs.js: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 removed from extensions.enabledItems
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ftp
Prefs.js: "" removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: "" removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: "" removed from network.proxy.backup.ssl_port
Prefs.js: "10.1.0.0" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "10.1.0.0" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "10.1.0.0" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "10.1.0.0" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Infium deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\flo\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\flo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: flo
->Temp folder emptied: 27655285 bytes
->Temporary Internet Files folder emptied: 96522251 bytes
->Java cache emptied: 1288861 bytes
->FireFox cache emptied: 301543984 bytes
->Flash cache emptied: 40143 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1328790 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 409,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: flo
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08062012_212024

Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe not found!
[2012.08.06 21:37:50 | 008,405,015 | ---- | M] () C:\WINDOWS\temp\hlktmp : Unable to obtain MD5

Registry entries deleted on Reboot...
         


07.08.2012, 14:48   #6
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any detections deleted or moved to quarantine.
- When the scan has finished, click "Show Results".
then:

Step 2

Download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

08.08.2012, 21:13   #7
bullahoch2

The computer is running without problems.
Malwarebytes Anti-Malware no longer finds anything.
Here is the log from AdwCleaner:
Code:
ATTFilter
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 21:11:35
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : flo - FLOPTOP
# Running from : D:\downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\flo\Anwendungsdaten\pdfforge
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Vuze_Remote
Folder Found : C:\Programme\Vuze_Remote

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Vuze_Remote
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Adobe\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\eRightSoft\OpenCandy
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Orbit\OpenCandy
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Vuze_Remote
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2B137E4-563A-437D-AFFE-E5A047FA759C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93930591-E827-49E3-A4B6-1DCFBFBB2176}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C765ED3C-7D17-412E-BC07-02972B2AD53B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2787 octets] - [08/08/2012 21:11:35]

########## EOF - C:\AdwCleaner[R1].txt - [2915 octets] ##########
         

08.08.2012, 21:19   #8
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use Update Now to download the current signatures.
Choose freeware mode.

Choose Detail Scan and start the check of the computer with the Scan button.
At the end of the scan, do not let it delete anything! Click Save Report to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

09.09.2012, 03:26   #9
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB

09.09.2012, 17:10   #10
bullahoch2

Sorry, I thought I had replied.

Here is the AdwCleaner log:

Code:
ATTFilter
# AdwCleaner v2.000 - Datei am 09/09/2012 um 09:38:27 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : flo - FLOPTOP
# Normaler Modus : Normal
# Ausgeführt unter : D:\downloads\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\flo\Anwendungsdaten\pdfforge
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\Vuze_Remote

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKCU\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C2B137E4-563A-437D-AFFE-E5A047FA759C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93930591-E827-49E3-A4B6-1DCFBFBB2176}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C765ED3C-7D17-412E-BC07-02972B2AD53B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\Software\Orbit\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v6.0.2900.5512

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [2916 octets] - [08/08/2012 21:11:35]
AdwCleaner[S1].txt - [4007 octets] - [09/09/2012 09:38:27]

########## EOF - C:\AdwCleaner[S1].txt - [4067 octets] ##########
         

anti-malware scan log:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 09.09.2012 09:55:23

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	09.09.2012 09:56:22

c:\windows\system32\sfklg.dll 	gefunden: Riskware.Monitor.Win32.Sfkeylogger.a!E2
c:\programme\rkfree 	gefunden: Trace.File.revealerkeylog!E1
c:\windows\system32\sfklg.dat 	gefunden: Trace.File.free keylogger 1.1!E1
c:\windows\system32\sfklgcp.exe 	gefunden: Trace.File.free keylogger 1.1!E1
Value: hkey_local_machine\software\microsoft\windows nt\currentversion\windows --> sfklg 	gefunden: Trace.Registry.free keylogger 1.1!E1
C:\_OTL.zip -> MovedFiles\03052012_234830\C_WINDOWS\system32\E13521A1E0A0CC59F69D.exe 	gefunden: Trojan.Win32.Yakes!E2
C:\_OTL\MovedFiles\08062012_212024\C_Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk 	gefunden: Trojan.LNK.Reveton!E2
C:\WINDOWS\assembly\GAC\Desktop.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0037774.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038774.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038804.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038893.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037677.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037705.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037721.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037728.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037736.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037744.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037756.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP111\A0037666.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037504.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037511.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037518.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037531.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037561.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037571.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037593.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037626.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037269.exe 	gefunden: Trojan-Dropper.Win32.Injector!E2
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037432.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037484.ini 	gefunden: Backdoor.Win32.ZAccess!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000004.@ 	gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-21-1644491937-861567501-839522115-1003\$4326bb3558bc3f06d34f3e87218ccfcd\n 	gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\n 	gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000000.@ 	gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000032.@ 	gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\000000cb.@ 	gefunden: Backdoor.Win32.ZAccess.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\L\00000004.@ 	gefunden: Rootkit.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000008.@ 	gefunden: Trojan.Dropper.Win32.Miner.AMN!E1
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> zagruzische.class 	gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> pipka.class 	gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> farel.class 	gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> lipricon.class 	gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> Atica.class 	gefunden: JAVA.Agent!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> New.class 	gefunden: Virus.Java.Exploit!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> Third.class 	gefunden: JAVA.Agent!E2
D:\downloads\klg.exe -> $SYSDIR\sfklgcp.exe 	gefunden: not-a-virus:Monitor.Win32.Sfkeylogger!E2
D:\downloads\klg.exe -> $SYSDIR\sfklg.dll 	gefunden: not-a-virus:Monitor.Win32.Sfkeylogger.a!E2

Gescannt	604248
Gefunden	48

Scan Ende:	09.09.2012 17:06:57
Scan Zeit:	7:10:35
         

09.09.2012, 22:45   #11
t'john
/// Helper Team

Quote:
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000004.@ gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-21-1644491937-861567501-839522115-1003\$4326bb3558bc3f06d34f3e87218ccfcd\n gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\n gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000032.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\000000cb.@ gefunden: Backdoor.Win32.ZAccess.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\L\00000004.@ gefunden: Rootkit.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000008.@ gefunden: Trojan.Dropper.Win32.Miner.AMN!E1
This infection is a new addition.
You should have continued here instead.

Bad news!

You have more than one serious infection on your computer. http://www.trojaner-board.de/56634-rootkits.html
It is compromised and can no longer be trusted. You should change all your passwords from a clean system.
I strongly recommend that you disconnect the PC from the network and reinstall it.

Illustrated reinstallation guides > Reinstalling Windows 7 > Vista > XP

1. Data backup:

2. Format, reinstall Windows:

3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________
Regards, t'john

24.04.2013, 17:35   #12
t'john
/// Helper Team

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
