Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
AW: Bundespolizei-Ukash

AW: Bundespolizei-Ukash


Log-Analyse und Auswertung: AW: Bundespolizei-Ukash

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 20.09.2011, 11:35   #1
CSS
 
AW: Bundespolizei-Ukash - Standard

AW: Bundespolizei-Ukash


Guten tag zusammen,
habe folgendes Problem den BKA Ukash Virus mir eingefangen etliche Schritte von euch befolgt mit OTL gescannt,gefixt doch Virus geht nicht weck hier ein kleiner Anhang hoffe auf eure Hilfe mfg CSS


Letzter OTL Scan:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.09.2011 12:00:56 - Run 5
OTL by OldTimer - Version 3.2.26.7 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,31% Memory free
4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 3,54 Gb Free Space | 7,25% Space Free | Partition Type: NTFS
Drive D: | 62,96 Gb Total Space | 36,96 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
Drive F: | 999,70 Mb Total Space | 998,83 Mb Free Space | 99,91% Space Free | Partition Type: FAT
 
Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (QuestService Service) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc)
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BDA_Loader_225) -- C:\Windows\System32\drivers\BDA_Loader_225.sys (WideView Technology Inc.)
DRV - (BDA_Capture_225) -- C:\Windows\System32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 5E 20 CA 6F 9C CA 01 [binary data]
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009.12.30 23:09:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009.12.30 23:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009.12.30 23:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.03.20 12:23:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 16:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 16:49:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M]
 
[2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.08.19 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions
[2011.08.19 20:25:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.15 18:36:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 19:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions
[2011.05.09 19:45:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.30 18:03:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.05 20:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2011.05.17 11:23:28 | 000,005,212 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\ecosia.xml
[2011.09.18 22:44:13 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-1.xml
[2011.08.28 10:14:09 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-2.xml
[2011.09.04 13:31:26 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-3.xml
[2011.09.07 16:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-4.xml
[2011.08.18 21:40:40 | 000,000,168 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.gif
[2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.src
[2011.06.15 08:20:08 | 000,001,056 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.xml
[2010.07.05 20:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.09 20:22:28 | 000,000,000 | ---D | M] (QuestService) -- C:\Programme\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19}
() (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
() (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - File not found
O2 - BHO: (Ecosia Class) - {2273A9F3-9D90-47e6-8706-DA7AE77B1552} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - File not found
O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - File not found
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - File not found
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found.
O3 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HybridTM_A] C:\Programme\HybridTM_IR(A)\RC620_A.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle)
O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell - "" = AutoRun
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.18 17:37:06 | 000,207,872 | ---- | C] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe
[2011.09.15 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUBICon
[2011.08.28 02:24:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.20 11:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.20 11:41:10 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.20 11:32:37 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.20 10:24:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.20 10:00:46 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.20 10:00:46 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.20 10:00:46 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.20 10:00:46 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.20 09:22:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.09.18 17:37:08 | 000,000,008 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat
[2011.09.18 17:37:06 | 000,207,872 | ---- | M] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe
[2011.09.15 20:26:56 | 000,041,948 | ---- | M] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg
[2011.09.15 20:26:34 | 000,010,621 | ---- | M] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg
[2011.09.15 20:25:58 | 000,037,755 | ---- | M] () -- C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg
[2011.09.15 14:54:13 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\RUBICon.lnk
[2011.09.11 19:23:16 | 000,197,032 | ---- | M] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg
 
========== Files Created - No Company Name ==========
 
[2011.09.18 17:37:08 | 000,000,008 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat
[2011.09.15 20:26:55 | 000,041,948 | ---- | C] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg
[2011.09.15 20:26:32 | 000,010,621 | ---- | C] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg
[2011.09.15 20:25:56 | 000,037,755 | ---- | C] () -- C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg
[2011.09.15 14:54:13 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\RUBICon.lnk
[2011.09.11 19:23:14 | 000,197,032 | ---- | C] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg
[2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.12.05 21:56:11 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.12.04 01:16:36 | 000,073,728 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010.11.19 17:37:24 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.19 14:14:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2010.03.05 23:45:19 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2010.03.05 23:45:19 | 000,000,869 | ---- | C] () -- C:\Windows\unins000.dat
[2010.01.24 22:14:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.01.24 22:14:28 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.01.16 19:57:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.24 15:24:07 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.12.23 10:11:12 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.12.23 10:11:12 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2009.12.23 10:11:12 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.23 10:11:12 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.12.23 10:11:12 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.12.23 10:11:12 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.12.23 10:11:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.12.23 10:11:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.12.23 10:11:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.12.23 10:11:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2009.12.23 10:11:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.12.23 10:11:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.12.23 10:11:12 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.12.23 10:11:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2009.12.23 10:11:12 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.12.23 10:11:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.12.23 10:11:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.12.23 10:11:12 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.12.23 10:11:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.30 18:31:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HCWxds.dll
[2009.11.09 06:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll
[2009.11.09 06:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll
[2009.11.09 06:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,453,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.05.13 22:39:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2006.02.08 23:06:00 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2006.02.08 23:06:00 | 001,519,616 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2006.02.08 23:06:00 | 001,466,368 | ---- | C] () -- C:\Windows\System32\nview.dll
[2006.02.08 23:06:00 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe
[2006.02.08 23:06:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2006.02.08 23:06:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll
[2006.02.08 23:06:00 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll
[2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll
[2005.05.26 17:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll
[2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll
[2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll
[2000.03.03 21:16:52 | 000,007,424 | R--- | C] () -- C:\Windows\System32\drivers\MMIOPORT.SYS
 
========== LOP Check ==========
 
[2010.04.10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AnvSoft
[2010.04.25 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Any Video Converter
[2010.03.20 17:49:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Ashampoo
[2010.03.20 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Record Edit Toolbox
[2010.03.20 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Recorder for Free
[2010.01.09 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\avidemux
[2009.11.28 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Blitware
[2011.08.16 21:23:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Canon
[2010.12.01 07:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft
[2011.03.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.25 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Engelmann Media
[2010.03.05 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Flatcast
[2010.01.15 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\HandBrake
[2011.09.07 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ICQ
[2010.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\kikin
[2009.12.27 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\LG Electronics
[2011.06.14 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MagicMaps
[2010.03.31 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SharePod
[2010.06.09 21:38:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SparweltGutschein
[2010.07.15 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TomTom
[2010.09.27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TubeBox
[2010.05.31 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WeBrandes
[2010.03.31 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Youtube Downloader HD
[2011.07.17 06:36:36 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011.08.19 15:14:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :reg >
 
< [HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >
 
< "Shell"="explorer.exe" >
 
< >
 
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >
 
< "Shell"="explorer.exe" >
 
< >
 
< :commands >
 
< [emptytemp] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
 
< End of report >
--- --- ---
 

Themen zu AW: Bundespolizei-Ukash
alternate, autorun, avira, bho, black, bonjour, c:\windows\system32\cmd.exe, conduit, converter, defender, desktop, downloader, error, excel.exe, explorer, firefox, format, google earth, helper, home, host.exe, intranet, langs, logfile, mp3, nvlddmkm.sys, object, otl scan, plug-in, problem, realtek, registry, sched.exe, senden, software, version=1.0, virus, webcheck, windows, winload toolbar, youtube downloader


« Kein akuter Fund / Verdacht auf Trojaner / System verhält sich merkwürdig | netzwerkzusammenbrüche nach UDP FLOOD »


Ähnliche Themen: AW: Bundespolizei-Ukash


  1. Ukash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.12.2012 (35)
  2. Bundespolizei-Trojaner (Ukash etc.) auf Win XP
    Plagegeister aller Art und deren Bekämpfung - 27.11.2012 (15)
  3. Trojaner Ukash Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 20.11.2012 (27)
  4. GUV Trojaner / ukash / Bundespolizei
    Log-Analyse und Auswertung - 26.09.2012 (17)
  5. Ukash Bundespolizei
    Log-Analyse und Auswertung - 10.09.2012 (5)
  6. Bundespolizei Ukash Virus
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (5)
  7. Bundespolizei Ukash
    Log-Analyse und Auswertung - 26.07.2012 (17)
  8. UKash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (1)
  9. Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (2)
  10. Bundespolizei Ukash
    Plagegeister aller Art und deren Bekämpfung - 25.11.2011 (7)
  11. Bundespolizei Ukash PC befallen
    Log-Analyse und Auswertung - 13.11.2011 (30)
  12. Ukash Bundespolizei Trojaner
    Plagegeister aller Art und deren Bekämpfung - 05.11.2011 (1)
  13. Bundespolizei-Ukash
    Log-Analyse und Auswertung - 24.10.2011 (31)
  14. Bundespolizei-Ukash
    Log-Analyse und Auswertung - 09.09.2011 (41)
  15. Bundespolizei und ukash
    Plagegeister aller Art und deren Bekämpfung - 30.07.2011 (1)
  16. Bundespolizei / UKASH
    Log-Analyse und Auswertung - 19.07.2011 (4)
  17. Bundespolizei / UKASH
    Log-Analyse und Auswertung - 05.06.2011 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AW: Bundespolizei-Ukash - Guten tag zusammen, habe folgendes Problem den BKA Ukash Virus mir eingefangen etliche Schritte von euch befolgt mit OTL gescannt,gefixt doch Virus geht nicht weck hier ein kleiner Anhang hoffe - AW: Bundespolizei-Ukash...
Archiv
Du betrachtest: AW: Bundespolizei-Ukash auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131