
Log analysis and evaluation: Bundestrojaner Ukash

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps for help". Bear in mind that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.08.2012, 08:28   #1
Roman R
 

Bundestrojaner Ukash



Hello, here is my OTL log. Unfortunately I am already on the 3rd run; I hope that is still OK. I don't have the Extras file either.
I found out about this forum too late. I have already tried everything possible: I ran all the common virus scanners from safe mode, but none of them removed the virus. The desktop unlockers from Kaspersky and Avira didn't work either, or rather I couldn't get them to run. I hope I can get help here. Thanks.

OTL Logfile:
Code:
OTL logfile created on: 08.08.2012 08:10:43 - Run 3
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\isa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,67 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 83,04% Memory free
7,34 Gb Paging File | 6,76 Gb Available in Paging File | 92,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,73 Gb Total Space | 175,94 Gb Free Space | 61,15% Space Free | Partition Type: NTFS
 
Computer Name: ISA-VAIO | User Name: isa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.08 07:36:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\isa\Downloads\OTL.exe
PRC - [2012.08.08 07:34:45 | 000,050,477 | ---- | M] () -- C:\Users\isa\Downloads\Defogger.exe
PRC - [2012.07.19 13:26:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.08 07:34:45 | 000,050,477 | ---- | M] () -- C:\Users\isa\Downloads\Defogger.exe
MOD - [2012.07.19 13:26:41 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.07.19 13:26:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.11.30 19:08:30 | 002,222,376 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.25 20:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 17:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 17:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 17:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 17:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 17:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.14 20:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 20:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 19:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 22:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008.07.09 15:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe -- (accvssvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.05.13 12:15:48 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.12 06:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.05.02 10:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 10:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007.01.25 19:31:38 | 000,040,208 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes,DefaultScope = {47379DEE-6FCC-4A14-8195-6E56AB7E8604}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {92DC3383-EEAC-4245-94F8-F004A51B59DD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKCU\..\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\isa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.26 12:07:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 13:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.26 11:56:10 | 000,000,000 | ---D | M]
 
[2010.05.03 08:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Extensions
[2010.05.03 08:00:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.04 22:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions
[2011.11.20 02:04:01 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 12:46:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.28 11:28:24 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\2020Player@2020Technologies.com
[2011.12.11 23:10:08 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\2020Player_IKEA@2020Technologies.com
[2011.11.11 18:19:58 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
[2011.11.29 23:00:43 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\isa\AppData\Roaming\mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
[2012.04.11 08:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.26 20:12:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.18 21:15:55 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.07.08 09:29:14 | 000,061,705 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2012.08.04 22:11:31 | 000,314,397 | ---- | M] () (No name found) -- C:\USERS\ISA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M6QBDUN4.DEFAULT\EXTENSIONS\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.XPI
[2012.07.19 13:26:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.26 11:52:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.11 08:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.11 08:22:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.11 08:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.11 08:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.29 23:00:43 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.04.11 08:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.11 08:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.28 21:33:57 | 000,443,881 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15244 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE /FU "C:\Windows\TEMP\E_SCA24.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {4A0F5286-01EE-4345-B553-8902A9251E02} hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_extern.cab (sp_ingweb.Extern)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} hxxp://webgisrz03.kivbf.de/buehl/com/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C5DBAE84-700E-42B6-B93F-BC319F910573} hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_crypt.cab (sp_ingweb.Crypt)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell - "" = AutoRun
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.08 08:01:02 | 000,000,000 | -HSD | C] -- C:\found.003
[2012.08.03 21:28:49 | 000,000,000 | ---D | C] -- C:\Quarantine
[2012.07.28 23:31:41 | 000,000,000 | ---D | C] -- C:\Users\isa\Desktop\sardu
[2012.07.28 21:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.25 19:05:30 | 000,000,000 | ---D | C] -- C:\bcada991d0db960ebeace0c7af
[2012.07.23 14:38:15 | 000,000,000 | ---D | C] -- C:\Users\isa\Desktop\booking.aspx-Dateien
[2012.07.15 10:51:17 | 000,000,000 | -HSD | C] -- C:\found.002
[2012.07.14 21:26:03 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.07.14 21:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.07.14 21:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.07.14 12:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mbujnipyjkcgjzx
[2012.07.14 11:57:52 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\DDMSettings
[2012.07.12 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{D28422F9-5A5D-4D6C-AB41-6B69B2917183}
[2012.07.12 20:14:55 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{85B075EC-BA02-42BF-9198-C26CA7AEBD5E}
[2012.07.12 20:14:55 | 000,000,000 | ---D | C] -- C:\Users\isa\AppData\Local\{2F13E742-5EBF-49D1-89C9-A4EA8816FAF3}
[4 C:\Users\isa\Documents\*.tmp files -> C:\Users\isa\Documents\*.tmp -> ]
[3 C:\Users\isa\Desktop\*.tmp files -> C:\Users\isa\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.08 08:07:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.08 08:07:03 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.08 08:05:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.08 07:35:04 | 000,000,168 | ---- | M] () -- C:\Users\isa\defogger_reenable
[2012.08.05 21:32:26 | 001,513,832 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 21:32:26 | 000,659,574 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 21:32:26 | 000,620,470 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 21:32:26 | 000,132,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 21:32:26 | 000,108,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 17:16:02 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 17:16:02 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 22:07:11 | 000,009,992 | ---- | M] () -- C:\bootsqm.dat
[2012.08.03 20:57:34 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.08.03 07:19:42 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.03 07:19:34 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.29 12:05:51 | 547,608,576 | ---- | M] () -- C:\Users\isa\Desktop\sardu.iso
[2012.07.29 11:29:44 | 000,406,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.28 21:47:02 | 141,819,832 | ---- | M] () -- C:\Users\isa\Desktop\setup_11.0.0.1245.x01_2012_07_28_23_03.exe
[2012.07.28 21:33:57 | 000,443,881 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 14:55:53 | 000,017,408 | ---- | M] () -- C:\Users\isa\AppData\Local\WebpageIcons.db
[2012.07.23 14:38:20 | 000,035,853 | ---- | M] () -- C:\Users\isa\Desktop\booking.aspx.htm
[2012.07.17 21:16:53 | 001,331,906 | ---- | M] () -- C:\Users\isa\Desktop\attachment1.pdf
[2012.07.17 21:10:51 | 000,023,478 | ---- | M] () -- C:\Users\isa\Desktop\Angebot Rau-1.pdf
[2012.07.15 11:06:25 | 210,292,736 | ---- | M] () -- C:\Users\isa\Desktop\KWU_1.0.3.upd.iso
[2012.07.14 22:33:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 12:50:18 | 000,000,051 | ---- | M] () -- C:\ProgramData\ptqegnndbxhhiaf
[2012.07.14 12:21:43 | 000,049,152 | ---- | M] () -- C:\ProgramData\noaffvhu.exe
[2012.07.14 11:59:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 08:15:51 | 000,280,039 | ---- | M] () -- C:\Users\isa\Desktop\photo.php
[2012.07.09 17:45:43 | 000,029,924 | ---- | M] () -- C:\Windows\SysNative\s000002.dat
[2012.07.09 17:45:36 | 000,000,204 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2012.07.09 17:45:36 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[4 C:\Users\isa\Documents\*.tmp files -> C:\Users\isa\Documents\*.tmp -> ]
[3 C:\Users\isa\Desktop\*.tmp files -> C:\Users\isa\Desktop\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.08 07:35:04 | 000,000,168 | ---- | C] () -- C:\Users\isa\defogger_reenable
[2012.08.04 22:07:11 | 000,009,992 | ---- | C] () -- C:\bootsqm.dat
[2012.08.01 20:17:29 | 006,631,501 | ---- | C] () -- C:\Users\isa\Desktop\SDC16268.JPG
[2012.07.29 12:05:46 | 547,608,576 | ---- | C] () -- C:\Users\isa\Desktop\sardu.iso
[2012.07.28 21:45:03 | 141,819,832 | ---- | C] () -- C:\Users\isa\Desktop\setup_11.0.0.1245.x01_2012_07_28_23_03.exe
[2012.07.23 14:38:14 | 000,035,853 | ---- | C] () -- C:\Users\isa\Desktop\booking.aspx.htm
[2012.07.17 21:16:53 | 001,331,906 | ---- | C] () -- C:\Users\isa\Desktop\attachment1.pdf
[2012.07.17 21:10:51 | 000,023,478 | ---- | C] () -- C:\Users\isa\Desktop\Angebot Rau-1.pdf
[2012.07.16 13:40:17 | 210,292,736 | ---- | C] () -- C:\Users\isa\Desktop\KWU_1.0.3.upd.iso
[2012.07.14 12:50:18 | 000,049,152 | ---- | C] () -- C:\ProgramData\noaffvhu.exe
[2012.07.14 12:49:30 | 000,000,051 | ---- | C] () -- C:\ProgramData\ptqegnndbxhhiaf
[2012.07.14 11:58:27 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 08:15:51 | 000,280,039 | ---- | C] () -- C:\Users\isa\Desktop\photo.php
[2012.07.11 12:55:26 | 000,001,696 | ---- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.07.09 17:45:43 | 000,029,924 | ---- | C] () -- C:\Windows\SysNative\s000002.dat
[2012.07.02 13:31:11 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@
[2012.06.23 20:03:45 | 000,003,584 | ---- | C] () -- C:\Users\isa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.31 21:02:19 | 000,017,408 | ---- | C] () -- C:\Users\isa\AppData\Local\WebpageIcons.db
[2012.03.08 17:22:05 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.14 18:06:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.01.29 10:32:47 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@
[2012.01.06 22:50:00 | 000,034,936 | ---- | C] () -- C:\Windows\SysWow64\uninstHelixYUV.exe
[2011.11.14 17:52:56 | 000,000,086 | ---- | C] () -- C:\Windows\WIWWI.ini
[2011.11.07 22:46:10 | 000,001,590 | ---- | C] () -- C:\Users\isa\AppData\Roaming\MyMicroBalanceConfig.ini
[2011.07.24 09:48:41 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.07.24 09:48:41 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.07.24 09:48:40 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.06.18 10:35:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.12.09 19:48:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.11.19 19:20:18 | 000,000,000 | ---- | C] () -- C:\Users\isa\AppData\Roaming\wklnhst.dat
[2010.08.18 20:03:46 | 000,204,857 | ---- | C] () -- C:\Windows\SysWow64\InstallHelp.dll
[2010.08.18 20:03:45 | 000,111,308 | ---- | C] () -- C:\Windows\SysWow64\GMTUninstall.exe
[2010.05.13 18:27:36 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== LOP Check ==========
 
[2012.04.21 09:30:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Aquamarin Haushaltsbuch
[2010.05.27 09:56:21 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Auslogics
[2010.08.18 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Bombermaaan
[2012.04.25 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Canneverbe Limited
[2012.05.13 15:09:43 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.06.25 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\concept design
[2012.05.13 12:19:59 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DAEMON Tools Lite
[2012.08.08 08:06:02 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Dropbox
[2011.11.20 02:04:10 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DVDVideoSoft
[2011.11.20 02:04:01 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.27 14:47:05 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\IrfanView
[2011.08.20 21:31:59 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Leadertech
[2012.01.06 22:43:04 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\mresreg
[2012.05.31 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\ooVoo Details
[2010.06.17 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\oovooinstaller
[2011.06.12 21:39:53 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\phonostar GmbH
[2011.11.20 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\SoundSpectrum
[2012.07.14 23:27:08 | 000,000,000 | RHSD | M] -- C:\Users\isa\AppData\Roaming\System32
[2010.12.03 17:48:53 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\TeamViewer
[2012.07.28 22:01:28 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\toolplugin
[2012.05.17 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\TS3Client
[2012.05.17 19:43:57 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\ts3overlay
[2010.08.10 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\isa\AppData\Roaming\Unity
[2012.07.22 20:15:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 08.08.2012, 17:27   #2
t'john
/// Helfer-Team
 
Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKLM\..\SearchScopes,DefaultScope = {47379DEE-6FCC-4A14-8195-6E56AB7E8604} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = http://downloads.phpnuke.org/de/index.php?rvs=google 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 
IE - HKCU\..\SearchScopes,DefaultScope = {92DC3383-EEAC-4245-94F8-F004A51B59DD} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}: "URL" = http://de.shopping.com/?linkin_id=8056363 
IE - HKCU\..\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\..\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}: "URL" = http://downloads.phpnuke.org/de/index.php?rvs=google 
IE - HKCU\..\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC 
IE - HKCU\..\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultenginename: "Search the web" 
FF - prefs.js..browser.search.order.1: "Search the web" 
FF - prefs.js..browser.search.selectedEngine: "Search the web" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/" 
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () 
O1 - Hosts: 127.0.0.1 www.007guard.com 
O1 - Hosts: 127.0.0.1 www.008k.com 
O1 - Hosts: 127.0.0.1 www.00hq.com 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe () 
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE /FU "C:\Windows\Temp\E_SCA24.tmp" /EF "HKCU" File not found 
O4 - HKCU..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe () 
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun 
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta 
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell - "" = AutoRun 
O33 - MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta 
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell - "" = AutoRun 
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell\AutoRun\command - "" = G:\autorun.exe 
 
[2012.07.14 12:50:17 | 000,000,000 | ---D | C] -- C:\ProgramData\mbujnipyjkcgjzx 
[2012.08.03 07:19:34 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol 
[2012.07.14 12:50:18 | 000,000,051 | ---- | M] () -- C:\ProgramData\ptqegnndbxhhiaf 
[2012.07.14 12:21:43 | 000,049,152 | ---- | M] () -- C:\ProgramData\noaffvhu.exe 
[2012.07.14 11:59:43 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad 

[2012.08.08 08:05:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

[2012.08.03 07:19:42 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.11 12:55:26 | 000,001,696 | ---- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ 
[2012.07.02 13:31:11 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ 
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ 
[2012.01.11 13:43:04 | 000,002,048 | -HS- | C] () -- C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ 
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: The OTL script above was written exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can permanently damage other systems!
__________________

__________________
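An added example, not part of this thread and not OTL's own code: a small Python triage script that applies the reasoning behind the fix script above to the O4 (Run key) and O33 (MountPoints2 AutoRun) lines of an OTL log. It flags autostart entries whose binary has no publisher and sits in a user-writable location such as C:\ProgramData (the noaffvhu.exe entry the helper removed), entries that point at a file that no longer exists, and AutoRun commands registered for mounted volumes. The sample lines are copied from the log posted above; the severity scale and the list of user-writable paths are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL lines copied from the log posted in this thread, used as a constructed
# sample so the script runs offline. Each line is one autostart entry.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [noaffvhujpjdcdy] C:\ProgramData\noaffvhu.exe ()
O4 - HKCU..\Run: [EPSON Stylus Photo RX585 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE /FU "C:\Windows\TEMP\E_SCA24.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [phonostarTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe ()
O33 - MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta
O33 - MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\Shell\AutoRun\command - "" = G:\autorun.exe
"""

# O4 lines: "O4 - <hive>..\Run: [<value name>] <command> (<publisher>)" or "... File not found"
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# O33 lines that carry an AutoRun command for a mounted (usually removable) volume
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
# Trailing "(publisher)" that OTL appends; empty parentheses mean no company name was found
COMPANY_RE = re.compile(r'^(?P<target>.*) \((?P<company>[^()]*)\)$')
# The executable part of a command line, cut off before any arguments
EXE_RE = re.compile(r'^(?P<exe>.*?\.(?:exe|com|dll|scr|bat|cmd|vbs|hta))', re.I)

# Locations a normal user can write to (assumed list for this example; compared lower-cased)
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "c:\\users\\", "c:\\windows\\temp\\")


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info"
    entry: str     # Run value name, or the MountPoints2 GUID
    reason: str


def classify_run(name: str, rest: str) -> Optional[Finding]:
    """Rate one O4 Run entry; None means nothing noteworthy."""
    if rest.endswith("File not found"):
        return Finding("info", name, "autostart points at a missing file (stale entry)")
    m = COMPANY_RE.match(rest)
    if not m:
        return Finding("info", name, "could not parse target: " + rest)
    target, company = m.group("target"), m.group("company").strip()
    e = EXE_RE.match(target)
    exe = (e.group("exe") if e else target).lower()
    writable = any(p in exe for p in USER_WRITABLE)
    if writable and not company:
        return Finding("high", name, "no publisher and binary in user-writable path: " + exe)
    if writable:
        return Finding("medium", name, "binary in user-writable path: " + exe)
    if not company:
        return Finding("low", name, "no publisher recorded for " + exe)
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk OTL output and return findings for O4 and O33 AutoRun lines."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            f = classify_run(m.group("name"), m.group("rest"))
            if f:
                findings.append(f)
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(Finding("medium", m.group("guid"),
                                    "removable-media AutoRun command: " + m.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.entry}: {f.reason}")
```

Run against the sample, the only "high" finding is the noaffvhujpjdcdy Run value, which is exactly the entry the fix script deletes from both HKLM and HKCU; the Epson entry is only a stale pointer, and the unsigned phonostar timer in Program Files is rated low. The heuristic is a first pass for reading such logs, not a verdict: a signed binary in ProgramData is not automatically clean, and a missing publisher alone is common for legitimate small tools.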

Alt 08.08.2012, 22:52   #3
Roman R
 
Wow, I'm really stunned. It worked, thank you very much.
What exactly did I just do? Is the trojan completely removed now? Were there other viruses or trojans on the machine that I removed with this?

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21E95DEF-69E2-46AD-B455-AAF504D3327B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21E95DEF-69E2-46AD-B455-AAF504D3327B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A5D8926-4BEF-4668-8978-37C6C42B979D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A5D8926-4BEF-4668-8978-37C6C42B979D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47379DEE-6FCC-4A14-8195-6E56AB7E8604}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92DC3383-EEAC-4245-94F8-F004A51B59DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92DC3383-EEAC-4245-94F8-F004A51B59DD}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC9CCE2D-790C-4B05-9047-D6622F2C45AB}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll moved successfully.
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\noaffvhujpjdcdy deleted successfully.
C:\ProgramData\noaffvhu.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus Photo RX585 Series deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\noaffvhujpjdcdy deleted successfully.
File C:\ProgramData\noaffvhu.exe not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970f6-f236-11df-95c1-0024bec68b1b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22e970fb-f236-11df-95c1-0024bec68b1b}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d753ff6-9cd5-11e1-8ae2-0024bebc934c}\ not found.
File G:\autorun.exe not found.
C:\ProgramData\mbujnipyjkcgjzx folder moved successfully.
C:\ProgramData\ntuser.pol moved successfully.
C:\ProgramData\ptqegnndbxhhiaf moved successfully.
File C:\ProgramData\noaffvhu.exe not found.
C:\ProgramData\to_r0tsef.pad moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ moved successfully.
C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ moved successfully.
C:\Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ moved successfully.
C:\Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\@ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\isa\Desktop\cmd.bat deleted successfully.
C:\Users\isa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: isa
->Temp folder emptied: 1414361251 bytes
->Temporary Internet Files folder emptied: 175638649 bytes
->Java cache emptied: 24479766 bytes
->FireFox cache emptied: 50765611 bytes
->Flash cache emptied: 59560737 bytes

User: Mcx1-ISA-VAIO
->Temp folder emptied: 66532 bytes
->Temporary Internet Files folder emptied: 75817 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3745828 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 110453448 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.754,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: isa
->Flash cache emptied: 0 bytes

User: Mcx1-ISA-VAIO

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08082012_223822

Files\Folders moved on Reboot...
C:\Users\isa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\isa\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

09.08.2012, 08:34   #4
t'john
/// Helper Team

No, we are not finished yet, I will let you know.

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have the findings deleted or quarantined.
- When the scan is finished, click "Show results".
afterwards:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Kind regards, t'john

10.08.2012, 10:24   #5
Roman R

Hello, here are the two logs:
Many thanks again

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
isa :: ISA-VAIO [Administrator]

Schutz: Aktiviert

10.08.2012 09:10:53
mbam-log-2012-08-10 (09-10-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363914
Laufzeit: 38 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 10:14:35
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : isa - ISA-VAIO
# Running from : C:\Users\isa\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\isa\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Program Files (x86)\Yontoo Layers Runtime

***** [Registry] *****

Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
[x64] Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search the web");
Found : user_pref("browser.search.order.1", "Search the web");
Found : user_pref("browser.search.selectedEngine", "Search the web");

*************************

AdwCleaner[R1].txt - [5139 octets] - [10/08/2012 10:14:35]

########## EOF - C:\AdwCleaner[R1].txt - [5267 octets] ##########


10.08.2012, 13:23   #6
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

afterwards:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Click Save report to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

10.08.2012, 20:25   #7
Roman R

Here are the two logs

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 13:56:54
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : isa - ISA-VAIO
# Running from : C:\Users\isa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\isa\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\extensions\welcome@toolmin.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Yontoo Layers Runtime

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
[x64] Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\prefs.js

C:\Users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "Search the web");
Deleted : user_pref("browser.search.order.1", "Search the web");
Deleted : user_pref("browser.search.selectedEngine", "Search the web");

*************************

AdwCleaner[R1].txt - [5232 octets] - [10/08/2012 10:14:35]
AdwCleaner[R2].txt - [5292 octets] - [10/08/2012 10:25:12]
AdwCleaner[S1].txt - [264 octets] - [10/08/2012 10:25:21]
AdwCleaner[S2].txt - [264 octets] - [10/08/2012 13:56:34]
AdwCleaner[S3].txt - [4295 octets] - [10/08/2012 13:56:55]

########## EOF - C:\AdwCleaner[S3].txt - [4423 octets] ##########

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 10.08.2012 14:08:15

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 10.08.2012 14:09:31

C:\_OTL\MovedFiles\08082012_223822\C_ProgramData\noaffvhu.exe gefunden: Trojan.Win32.Weelsof.AMN!E1
C:\_OTL\MovedFiles\08082012_223822\C_Users\isa\AppData\Local\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ gefunden: Trojan.Win32.Agent.AMN!E1
C:\_OTL\MovedFiles\08082012_223822\C_Windows\Installer\{ab7eaf32-1dfa-c3b2-a595-2832edd89764}\U\00000001.@ gefunden: Trojan.Win32.Agent.AMN!E1
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BCA.tmp\System.Web.Abstractions.dll gefunden: Trojan-Spy.Win32.Zbot!E2

Gescannt 595556
Gefunden 4

Scan Ende: 10.08.2012 15:20:22
Scan Zeit: 1:10:51

10.08.2012, 20:32   #8
t'john
/// Helper Team

Very good!

Let it delete the findings, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as Administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Kind regards, t'john

11.08.2012, 16:14   #9
Roman R

Here is the log; I had to run it twice, the first time I had uninstalled the program and the log was gone too. So, unfortunately, here is the 2nd log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3758dcc1ea45a4478fe52992755e92b5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 11:51:12
# local_time=2012-08-11 01:51:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 3438959 96297484 0 0
# compatibility_mode=8192 67108863 100 0 36741 36741 0 0
# scanned=158829
# found=0
# cleaned=0
# scan_time=18239

11.08.2012, 16:21   #10
t'john
/// Helper Team

Run this scan: http://www.trojaner-board.de/114276-...s-remover.html

Kind regards, t'john

11.08.2012, 18:47   #11
Roman R

Here is the log

C:\Windows\system32\ntoskrnl.exe OK
C:\Windows\system32\hal.dll OK
C:\Windows\system32\kdcom.dll OK
C:\Windows\system32\mcupdate_GenuineIntel.dll OK
C:\Windows\system32\PSHED.dll OK
C:\Windows\system32\CLFS.SYS OK
C:\Windows\system32\CI.dll OK
C:\Windows\system32\drivers\Wdf01000.sys OK
C:\Windows\system32\drivers\WDFLDR.SYS OK
C:\Windows\system32\drivers\ACPI.sys OK
C:\Windows\system32\drivers\WMILIB.SYS OK
C:\Windows\system32\drivers\msisadrv.sys OK
C:\Windows\system32\drivers\pci.sys OK
C:\Windows\system32\drivers\vdrvroot.sys OK
C:\Windows\System32\drivers\partmgr.sys OK
C:\Windows\system32\drivers\compbatt.sys OK
C:\Windows\system32\drivers\BATTC.SYS OK
C:\Windows\system32\drivers\volmgr.sys OK
C:\Windows\System32\drivers\volmgrx.sys OK
C:\Windows\System32\drivers\mountmgr.sys OK
C:\Windows\system32\drivers\iaStor.sys OK
C:\Windows\system32\drivers\amdxata.sys OK
C:\Windows\system32\drivers\fltmgr.sys OK
C:\Windows\system32\drivers\fileinfo.sys OK
C:\Windows\System32\Drivers\PxHlpa64.sys OK
C:\Windows\System32\Drivers\Ntfs.sys OK
C:\Windows\System32\Drivers\msrpc.sys OK
C:\Windows\System32\Drivers\ksecdd.sys OK
C:\Windows\System32\Drivers\cng.sys OK
C:\Windows\System32\drivers\pcw.sys OK
C:\Windows\System32\Drivers\Fs_Rec.sys OK
C:\Windows\system32\drivers\ndis.sys OK
C:\Windows\system32\drivers\NETIO.SYS OK
C:\Windows\System32\Drivers\ksecpkg.sys OK
C:\Windows\System32\drivers\tcpip.sys OK
C:\Windows\System32\drivers\fwpkclnt.sys OK
C:\Windows\system32\drivers\volsnap.sys OK
C:\Windows\System32\Drivers\spldr.sys OK
C:\Windows\System32\drivers\rdyboost.sys OK
C:\Windows\System32\Drivers\mup.sys OK
C:\Windows\System32\drivers\hwpolicy.sys OK
C:\Windows\System32\DRIVERS\fvevol.sys OK
C:\Windows\system32\drivers\disk.sys OK
C:\Windows\system32\drivers\CLASSPNP.SYS OK
C:\Windows\system32\DRIVERS\dtsoftbus01.sys OK
C:\Windows\system32\drivers\cdrom.sys OK
C:\Windows\System32\Drivers\Null.SYS OK
C:\Windows\System32\Drivers\Beep.SYS OK
C:\Windows\System32\drivers\vga.sys OK
C:\Windows\System32\drivers\VIDEOPRT.SYS OK
C:\Windows\System32\drivers\watchdog.sys OK
C:\Windows\System32\DRIVERS\RDPCDD.sys OK
C:\Windows\system32\drivers\rdpencdd.sys OK
C:\Windows\system32\drivers\rdprefmp.sys OK
C:\Windows\System32\Drivers\Msfs.SYS OK
C:\Windows\System32\Drivers\Npfs.SYS OK
C:\Windows\system32\DRIVERS\tdx.sys OK
C:\Windows\system32\DRIVERS\TDI.SYS OK
C:\Windows\system32\drivers\afd.sys OK
C:\Windows\System32\DRIVERS\netbt.sys OK
C:\Windows\system32\DRIVERS\wfplwf.sys OK
C:\Windows\system32\DRIVERS\pacer.sys OK
C:\Windows\system32\DRIVERS\vwififlt.sys OK
C:\Windows\system32\DRIVERS\netbios.sys OK
C:\Windows\system32\DRIVERS\wanarp.sys OK
C:\Windows\system32\drivers\termdd.sys OK
C:\Windows\system32\DRIVERS\rdbss.sys OK
C:\Windows\system32\drivers\nsiproxy.sys OK
C:\Windows\system32\drivers\mssmbios.sys OK
C:\Windows\System32\drivers\discache.sys OK
C:\Windows\System32\Drivers\dfsc.sys OK
C:\Windows\system32\drivers\blbdrive.sys OK
C:\Windows\system32\DRIVERS\tunnel.sys OK
C:\Windows\system32\DRIVERS\igdkmd64.sys OK
C:\Windows\System32\drivers\dxgkrnl.sys OK
C:\Windows\System32\drivers\dxgmms1.sys OK
C:\Windows\system32\drivers\HECIx64.sys OK
C:\Windows\system32\drivers\usbehci.sys OK
C:\Windows\system32\drivers\USBPORT.SYS OK
C:\Windows\system32\drivers\HDAudBus.sys OK
C:\Windows\system32\DRIVERS\athrx.sys OK
C:\Windows\system32\DRIVERS\vwifibus.sys OK
C:\Windows\system32\drivers\sdbus.sys OK
C:\Windows\system32\drivers\rimssne64.sys OK
C:\Windows\system32\drivers\risdsne64.sys OK
C:\Windows\system32\DRIVERS\yk62x64.sys OK
C:\Windows\system32\drivers\i8042prt.sys OK
C:\Windows\system32\drivers\kbdclass.sys OK
C:\Windows\system32\drivers\Apfiltr.sys OK
C:\Windows\system32\drivers\mouclass.sys OK
C:\Windows\system32\drivers\SFEP.sys OK
C:\Windows\SysWOW64\drivers\Afc.sys OK
C:\Windows\system32\drivers\Impcd.sys OK
C:\Windows\system32\drivers\intelppm.sys OK
C:\Windows\system32\drivers\CmBatt.sys OK
C:\Windows\system32\drivers\CompositeBus.sys OK
C:\Windows\system32\DRIVERS\AgileVpn.sys OK
C:\Windows\system32\DRIVERS\rasl2tp.sys OK
C:\Windows\system32\DRIVERS\ndistapi.sys OK
C:\Windows\system32\DRIVERS\ndiswan.sys OK
C:\Windows\system32\DRIVERS\raspppoe.sys OK
C:\Windows\system32\DRIVERS\raspptp.sys OK
C:\Windows\system32\DRIVERS\rassstp.sys OK
C:\Windows\system32\DRIVERS\hamachi.sys OK
C:\Windows\system32\drivers\swenum.sys OK
C:\Windows\system32\drivers\ks.sys OK
C:\Windows\system32\drivers\umbus.sys OK
C:\Windows\system32\DRIVERS\usbhub.sys OK
C:\Windows\System32\Drivers\NDProxy.SYS OK
C:\Windows\system32\drivers\RTKVHD64.sys OK
C:\Windows\system32\drivers\portcls.sys OK
C:\Windows\system32\drivers\drmk.sys OK
C:\Windows\system32\drivers\ksthunk.sys OK
C:\Windows\system32\DRIVERS\IntcDAud.sys OK
C:\Windows\system32\DRIVERS\usbccgp.sys OK
C:\Windows\system32\DRIVERS\USBD.SYS OK
C:\Windows\System32\win32k.sys OK
C:\Windows\System32\drivers\Dxapi.sys OK
C:\Windows\System32\Drivers\usbvideo.sys OK
C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys OK
C:\Windows\System32\Drivers\crashdmp.sys OK
C:\Windows\System32\Drivers\dump_iaStor.sys Not Found
C:\Windows\System32\Drivers\dump_dumpfve.sys Not Found
C:\Windows\system32\drivers\hidusb.sys OK
C:\Windows\system32\drivers\HIDCLASS.SYS OK
C:\Windows\system32\drivers\HIDPARSE.SYS OK
C:\Windows\system32\DRIVERS\mouhid.sys OK
C:\Windows\system32\DRIVERS\monitor.sys OK
C:\Windows\System32\TSDDD.dll OK
C:\Windows\System32\cdd.dll OK
C:\Windows\system32\drivers\luafv.sys OK
C:\Windows\system32\drivers\WudfPf.sys OK
C:\Windows\system32\DRIVERS\lltdio.sys OK
C:\Windows\system32\DRIVERS\nwifi.sys OK
C:\Windows\system32\DRIVERS\ndisuio.sys OK
C:\Windows\system32\DRIVERS\rspndr.sys OK
C:\Windows\system32\drivers\HTTP.sys OK
C:\Windows\System32\DRIVERS\srvnet.sys OK
C:\Windows\system32\DRIVERS\bowser.sys OK
C:\Windows\system32\DRIVERS\mrxsmb.sys OK
C:\Windows\system32\DRIVERS\mrxsmb10.sys OK
C:\Windows\system32\DRIVERS\mrxsmb20.sys OK
C:\Windows\System32\DRIVERS\srv2.sys OK
C:\Windows\System32\DRIVERS\srv.sys OK
C:\Windows\system32\DRIVERS\vwifimp.sys OK
C:\Windows\system32\drivers\peauth.sys OK
C:\Windows\System32\Drivers\secdrv.SYS OK
C:\Windows\System32\drivers\tcpipreg.sys OK
C:\Windows\system32\drivers\tdtcp.sys OK
C:\Windows\System32\DRIVERS\tssecsrv.sys OK
C:\Windows\System32\Drivers\RDPWD.SYS OK
C:\Windows\system32\DRIVERS\WUDFRd.sys OK
C:\Windows\system32\drivers\mbam.sys OK
C:\Windows\system32\drivers\spsys.sys OK
C:\Windows\system32\drivers\rm.sys Not Found
C:\Windows\System32\ntdll.dll OK
C:\Windows\System32\smss.exe OK
C:\Windows\System32\apisetschema.dll OK
C:\Windows\System32\autochk.exe OK
C:\Windows\System32\shell32.dll OK
C:\Windows\System32\rpcrt4.dll OK
C:\Windows\System32\advapi32.dll OK
C:\Windows\System32\kernel32.dll OK
C:\Windows\System32\wininet.dll OK
C:\Windows\System32\imagehlp.dll OK
C:\Windows\System32\comdlg32.dll OK
C:\Windows\System32\lpk.dll OK
C:\Windows\System32\usp10.dll OK
C:\Windows\System32\normaliz.dll OK
C:\Windows\System32\iertutil.dll OK
C:\Windows\System32\psapi.dll OK
C:\Windows\System32\shlwapi.dll OK
C:\Windows\System32\clbcatq.dll OK
C:\Windows\System32\user32.dll OK
C:\Windows\System32\gdi32.dll OK
C:\Windows\System32\msctf.dll OK
C:\Windows\System32\Wldap32.dll OK
C:\Windows\System32\setupapi.dll OK
C:\Windows\System32\difxapi.dll OK
C:\Windows\System32\nsi.dll OK
C:\Windows\System32\sechost.dll OK
C:\Windows\System32\oleaut32.dll OK
C:\Windows\System32\urlmon.dll OK
C:\Windows\System32\ws2_32.dll OK
C:\Windows\System32\msvcrt.dll OK
C:\Windows\System32\imm32.dll OK
C:\Windows\System32\ole32.dll OK
C:\Windows\System32\crypt32.dll OK
C:\Windows\System32\KernelBase.dll OK
C:\Windows\System32\comctl32.dll OK
C:\Windows\System32\wintrust.dll OK
C:\Windows\System32\devobj.dll OK
C:\Windows\System32\cfgmgr32.dll OK
C:\Windows\System32\msasn1.dll OK
C:\Windows\SysWOW64\normaliz.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
C:\Windows\system32\basesrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\winsrv.dll OK
C:\Windows\system32\sxssrv.dll OK
{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 OK
{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 OK
{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 OK
{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 OK
{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 OK
{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 OK
{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}\InprocServer32 OK
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}\InprocServer32 OK
{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\InprocServer32 OK
{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 OK
{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 OK
{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 OK
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 OK
C:\Windows\system32\services.exe

-- EOF --

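Both logs in this thread have line formats that can be triaged mechanically. The integrity check at the end of the OTL log above prints one entry per line with an `OK` or `Not Found` verdict (the `rm.sys` line) and leaves the final `services.exe` line with no verdict at all; the ComboFix log posted further down lists files as `<created> . <modified> <size> <attrs> <path>` and shows `services.exe` written on 2012-08-11 next to a `services.exe.000` copy. The Python below is an added example written for this page, not part of the thread, of OTL or of ComboFix: it parses both formats and flags entries that deserve a second look. The function names, the 7-day window, the `.000`-twin heuristic and the choice of sample lines (copied from the posted logs) are the editor's own; the result is a triage list for a human, not a verdict on infection.

```python
"""Triage helpers for the two log formats posted in this thread.

Added example: not part of the thread, of OTL or of ComboFix. The sample
lines are copied from the logs posted in the thread; the heuristics are the
editor's own and mark candidates for a human to look at, not infections.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


# ---- 1. Integrity-check lines at the end of the OTL log ---------------
# Each line is "<file or CLSID key> OK", "<file> Not Found", or a bare
# entry with no verdict at all, which is what the posted log shows for
# services.exe right before "-- EOF --".

def otl_findings(lines):
    """Return (item, status) for every line that did not get a plain OK."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("--"):       # blank / "-- EOF --"
            continue
        if line.endswith(" OK"):
            continue
        if line.endswith(" Not Found"):
            findings.append((line[: -len(" Not Found")], "not found"))
        else:
            findings.append((line, "no status"))
    return findings


# ---- 2. ComboFix "Files Created" / "Find3M" lines ---------------------
# Format: "<created> . <modified>\t<size or -------->\t<attrs>\t<path>"
# (created first, then last-modified: hamachi.sys in the posted log was
# installed 2012-07-14 but still carries its 2009 build date as modified).
CF_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$"
)
TS = "%Y-%m-%d %H:%M"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class CfEntry:
    created: datetime
    modified: datetime
    size: Optional[int]      # None for directories ("--------")
    attrs: str
    path: str                # lower-cased for comparisons


def parse_combofix(lines):
    """Parse every line that matches the ComboFix file-listing format."""
    entries = []
    for raw in lines:
        m = CF_LINE.match(raw.rstrip("\r\n"))
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(CfEntry(datetime.strptime(m["created"], TS),
                               datetime.strptime(m["modified"], TS),
                               size, m["attrs"], m["path"].lower()))
    return entries


def suspicious_system_files(entries, scan_date, window_days=7):
    """Map path -> reasons for entries worth a second look.

    Heuristics (editor's assumptions): a binary under System32/SysWOW64
    created or modified inside the window (genuine OS files keep their build
    date as the modified stamp, e.g. 2009-07-14 for the Windows 7 files in
    the posted log), and any file that has a '<same name>.000' copy beside it.
    """
    cutoff = scan_date - timedelta(days=window_days)
    paths = {e.path for e in entries}
    flagged = {}
    for e in entries:
        reasons = []
        if e.path.startswith(SYSTEM_DIRS) and e.path.endswith(BINARY_EXT):
            if e.created >= cutoff:
                reasons.append(f"created {e.created:%Y-%m-%d} inside window")
            if e.modified >= cutoff:
                reasons.append(f"modified {e.modified:%Y-%m-%d} inside window")
        if e.path + ".000" in paths:
            reasons.append("a .000 copy of this file exists")
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Sample input copied from the posted logs (tabs written out explicitly).
OTL_SAMPLE = [
    "C:\\Windows\\system32\\drivers\\mbam.sys OK",
    "C:\\Windows\\system32\\drivers\\rm.sys Not Found",
    "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\\InprocServer32 OK",
    "C:\\Windows\\system32\\services.exe",
    "",
    "-- EOF --",
]
CF_SAMPLE = [
    "2012-08-12 07:03 . 2012-08-12 07:03\t--------\td-----w-\tc:\\users\\Default\\AppData\\Local\\temp",
    "2012-08-11 16:40 . 2012-08-11 16:40\t328704\t----a-w-\tc:\\windows\\system32\\services.exe",
    "2012-08-11 05:20 . 2012-08-11 05:27\t426184\t----a-w-\tc:\\windows\\SysWow64\\FlashPlayerApp.exe",
    "2012-07-14 19:26 . 2009-03-18 15:35\t33856\t---ha-w-\tc:\\windows\\system32\\hamachi.sys",
    "2012-07-29 18:39 . 2009-07-13 23:19\t328704\t----a-w-\tc:\\windows\\system32\\services.exe.000",
]

if __name__ == "__main__":
    for item, status in otl_findings(OTL_SAMPLE):
        print(f"OTL  {status:10} {item}")
    flagged = suspicious_system_files(parse_combofix(CF_SAMPLE),
                                      datetime(2012, 8, 12))
    for path, reasons in flagged.items():
        print(f"CF   {path}: {'; '.join(reasons)}")
```

Run as-is it prints the findings for the embedded samples. For a real case, feed the whole `C:\ComboFix.txt` to `parse_combofix` (the regex ignores every line that is not a file-listing line) and set `window_days` to the range in the "Files Created" banner. Legitimate updates hit the same heuristics, as FlashPlayerApp.exe does here, which is why the output is a list to review rather than a verdict.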
11.08.2012, 18:49   #12
t'john
/// Helper Team

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the Desktop, not anywhere else; this is important!
Follow the detailed original guide.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • While Combofix is scanning, please disable antivirus and antispyware programs, the firewall and any script blocking that may be present (Norton).
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screensaver settings.
  • You can change these settings back once our clean-up is finished.
  • If you did not manage to run Combofix, do nothing else.
  • Tell us about it and wait for our instructions.


  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click inside this Combofix window.
  • That could freeze or hang your system.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.


  • When ComboFix is finished it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the logfile appears in Notepad.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: for various reasons Combofix makes Internet Explorer the default browser and creates an IE icon on the Desktop.
  • You can delete the IE desktop icon after the clean-up and set your preferred browser as default again.



Do not use Combofix on your own. If there is no matching infection, it can cripple the computer and/or cause lasting damage!
__________________
Regards, t'john
Support the TB

12.08.2012, 09:17   #13
Roman R

Here is the log.
Combofix Logfile:
Code:
ComboFix 12-08-10.02 - isa 12.08.2012   8:57.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3758.2197 [GMT 2:00]
Running from: c:\users\isa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\cflog\EPLog.txt
C:\install.exe
c:\program files (x86)\phonostar-Player\phonostarTimer.exe
c:\users\isa\Documents\~WRL0636.tmp
c:\users\isa\Documents\~WRL1072.tmp
c:\users\isa\Documents\~WRL1104.tmp
c:\users\isa\Documents\~WRL2769.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Files Created from 2012-07-12 to 2012-08-12  ))))))))))))))))))))))))))))))
.
.
2012-08-12 07:03 . 2012-08-12 07:03	--------	d-----w-	c:\users\Mcx1-ISA-VAIO\AppData\Local\temp
2012-08-12 07:03 . 2012-08-12 07:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-11 16:40 . 2012-08-11 16:40	328704	----a-w-	c:\windows\system32\services.exe
2012-08-11 05:20 . 2012-08-11 05:20	--------	d-----w-	c:\users\isa\AppData\Local\Macromedia
2012-08-11 05:20 . 2012-08-11 05:27	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-10 20:34 . 2012-08-10 20:34	--------	d-----w-	c:\program files (x86)\ESET
2012-08-10 12:06 . 2012-08-11 05:07	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-08-08 20:38 . 2012-08-08 20:38	--------	d-----w-	C:\_OTL
2012-08-08 06:01 . 2012-08-08 06:01	--------	d-----w-	C:\found.003
2012-08-03 19:28 . 2012-08-03 19:28	--------	d-----w-	C:\Quarantine
2012-07-28 19:47 . 2012-07-28 19:47	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-07-25 17:05 . 2012-07-25 17:06	--------	d-----w-	C:\bcada991d0db960ebeace0c7af
2012-07-19 16:34 . 2012-07-19 16:34	--------	d-----w-	c:\program files (x86)\GUM7A3F.tmp
2012-07-19 16:34 . 2012-07-19 16:34	4024320	----a-w-	c:\program files (x86)\GUT7ADC.tmp
2012-07-15 08:51 . 2012-07-15 08:51	--------	d-----w-	C:\found.002
2012-07-14 19:26 . 2009-03-18 15:35	33856	---ha-w-	c:\windows\system32\hamachi.sys
2012-07-14 19:26 . 2012-07-14 19:26	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-07-14 09:57 . 2012-07-14 09:57	--------	d-----w-	c:\users\isa\AppData\Local\DDMSettings
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 05:27 . 2011-12-16 09:24	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-29 18:39 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe.000
2012-06-21 19:18 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-16 06:03 . 2010-04-25 10:26	58957832	----a-w-	c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 11:30	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 11:30	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 11:30	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 11:30	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 11:30	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 11:30	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 11:30	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 11:29	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 11:29	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-06-29 18:56	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D97AD5D-611F-437C-82A4-EDEE62E6502F}\mpengine.dll
2012-05-19 17:02 . 2012-05-19 17:02	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 12:31 . 2012-05-18 12:31	1409	----a-w-	c:\windows\QTFont.for
2012-05-18 06:42 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-05-18 06:42 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-05-15 04:01 . 2012-06-14 10:33	1188864	----a-w-	c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-14 10:33	64512	----a-w-	c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-14 10:33	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2012-05-15 01:32 . 2012-06-14 10:21	3146752	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Registry Autostart Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2010-01-25 26624]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 133104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 250056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-25 133104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-13 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2009-11-25 821760]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-11-13 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-12-16 244736]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 05:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\isa\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-16 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-16 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-16 410136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-25 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
mLocal Page = c:\windows\SysWOW64\blank.htm
DPF: {4A0F5286-01EE-4345-B553-8902A9251E02} - hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_extern.cab
DPF: {C5DBAE84-700E-42B6-B93F-BC319F910573} - hxxp://webgisrz03.kivbf.de/buehl/com/sp_ingweb_crypt.cab
FF - ProfilePath - c:\users\isa\AppData\Roaming\Mozilla\Firefox\Profiles\m6qbdun4.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-phonostarTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe
Wow6432Node-HKCU-Run-phonostar-PlayerTimer - c:\program files (x86)\phonostar-Player\phonostarTimer.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
HKLM-Run-combofix - c:\combofix\CF30699.3XE
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3783095568-3784273212-1696736825-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,a6,6a,af,da,13,a7,53,f3,33,5d,76,12,35,b0,62,2c,3f,81,3f,00,5a,2d,
   5d,bb,f5,0e,5b,09,58,66,17,16,a2,df,d9,dd,e5,e9,00,51,7f,37,f9,b0,86,e3,20,\
"??"=hex:7e,9e,d2,e8,43,4d,09,b8,b2,a0,72,9d,e7,92,2a,0b
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-12  09:06:08
ComboFix-quarantined-files.txt  2012-08-12 07:06
.
Vor Suchlauf: 29 Verzeichnis(se), 228.339.400.704 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 227.939.442.688 Bytes frei
.
- - End Of File - - 7D6DDDC370C876B11BBA15BCC6D3E55F
         
--- --- ---

Old 12.08.2012, 15:56   #14
t'john
/// Helper Team

Update Java

Your Java is out of date. Older versions contain security holes that malware can abuse.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 5 ).
  • When the installation has finished:
    Start --> Control Panel --> Programs, and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you get shown here: PluginCheck
__________________
Regards, t'john
Support the TB
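
The Java steps above are a click-through in the Control Panel; the following is an added check, written for this thread and not part of t'john's post or of any forum tool, that lets the same result be verified from an elevated PowerShell prompt. It reads the Windows Uninstall registry keys (both the native and the WOW6432Node view, because the ComboFix log above shows a 32-bit Java Update scheduler under Common Files\Java\Java Update and a 64-bit one under Program Files\Java\jre6, i.e. two separate runtimes), flags every registered Java runtime that is older than the newest one found, and reports the size of the per-user Java deployment cache. Assumptions are marked in the comments: that Java 7 Update 5 registers as DisplayVersion 7.0.50, and that the cache lives in the default AppData\LocalLow\Sun\Java\Deployment\cache location.

```powershell
# Added example for this thread (not the helper's or the forum's own script).
# Written for PowerShell 2.0 as shipped with Windows 7, so no [PSCustomObject] or -File.

# Both registry views are checked: 64-bit Windows keeps 32-bit products under WOW6432Node.
$uninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Matches "Java(TM) 6 Update 31", "Java 7 Update 5", "Java 8 Update 291 (64-bit)";
    # does not match "Java Auto Updater" or "JavaFX", which are not runtimes.
    Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d+' } |
        ForEach-Object {
            # DisplayVersion looks like 6.0.310 (6 Update 31) or 7.0.50 (7 Update 5).
            # An entry without one is treated as 0.0 so it still shows up as old.
            $v = if ($_.DisplayVersion) { [version]$_.DisplayVersion } else { [version]'0.0' }
            $view = if ($_.PSPath -like '*WOW6432Node*') { '32-bit' } else { '64-bit' }
            New-Object PSObject -Property @{
                Name            = $_.DisplayName
                Version         = $v
                View            = $view
                UninstallString = $_.UninstallString
            }
        }
}

function Test-JavaUpToDate {
    $installed = @(Get-InstalledJava)
    if ($installed.Count -eq 0) {
        Write-Host 'No Java runtime is registered in the Uninstall keys.'
        return
    }
    $newest = ($installed | Sort-Object Version -Descending | Select-Object -First 1).Version
    foreach ($j in ($installed | Sort-Object Version -Descending)) {
        $status = if ($j.Version -lt $newest) { 'OLD - uninstall' } else { 'newest installed' }
        '{0,-12} {1,-7} {2,-40} {3}' -f $j.Version, $j.View, $j.Name, $status
    }
    # Assumption: Java 7 Update 5, the release named in the post, registers as 7.0.50.
    if ($newest -lt [version]'7.0.50') {
        Write-Warning "Newest installed Java is $newest, older than Java 7 Update 5; run jxpiinstall.exe first."
    }
}

function Get-JavaCacheSize {
    # Assumed default per-user deployment cache location on Windows Vista/7.
    $cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
    if (-not (Test-Path $cache)) { return 0 }
    $files = @(Get-ChildItem -Path $cache -Recurse -ErrorAction SilentlyContinue |
               Where-Object { -not $_.PSIsContainer })
    if ($files.Count -eq 0) { return 0 }
    ($files | Measure-Object -Property Length -Sum).Sum
}

Test-JavaUpToDate
'Java deployment cache: {0:N0} bytes (0 expected after "Delete Files...")' -f (Get-JavaCacheSize)
```

Every line marked "OLD - uninstall" corresponds to one entry that should disappear from Control Panel --> Programs before the restart; a non-zero cache size after the "Delete Files..." step means the temporary-files dialog was confirmed without all boxes checked.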

Old 12.08.2012, 17:20   #15
Roman R

Hello, thanks. In the plugin check all 4 are current and green; I had to update Adobe, but now all 4 are green and current.
