Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Gema Ukash Virus Rechner gesperrt

Gema Ukash Virus Rechner gesperrt


Log-Analyse und Auswertung: Gema Ukash Virus Rechner gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.12.2011, 14:20   #1
el_polloloco
 
Gema Ukash Virus Rechner gesperrt - Standard

Gema Ukash Virus Rechner gesperrt


Hallo, ich habe seit gestern den Gema-Virus auf meinem Rechner. Hab mich auch schon ein bisschen umgeschaut und die Lösung über REATOGO_X_PE gefunden. Bitte um weitere Anweisungen!
Der scan ergab mit OTLPE:

Zitat:
OTL logfile created on: 12/9/2011 1:31:48 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Ultimate Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.65 Gb Total Space | 24.53 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 40.33 Gb Free Space | 29.82% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/25 02:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 15:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/22 10:12:29 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/07/30 00:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/01/03 11:07:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/11/01 17:21:57 | 000,107,832 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/11/01 17:21:51 | 000,066,872 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/24 23:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/08/24 23:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/01/04 10:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- C:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/11/18 10:03:51 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/30 00:51:52 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009/12/07 09:23:05 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2007/07/06 11:10:18 | 000,835,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2007/06/29 08:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/09/18 16:26:37 | 000,034,176 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ULILAN64.SYS -- (ULi5261)
DRV:64bit: - [2005/07/01 03:22:56 | 000,322,560 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
DRV - [2010/07/30 00:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Billy_Mayse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0





========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/webhp?hl=de&tab=iw"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (MyWebSearch.com)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2010/12/22 10:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 11:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/07 07:47:15 | 000,000,000 | ---D | M]

[2009/10/13 09:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Extensions
[2011/12/05 10:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions
[2011/09/12 05:41:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/05 10:03:38 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011/03/21 23:58:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\engine@conduit.com
[2010/06/29 11:22:34 | 000,000,933 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\conduit.xml
[2009/10/13 09:54:28 | 000,002,921 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\daemon-search.xml
[2011/12/03 09:57:33 | 000,000,944 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\icqplugin.xml
[2011/06/08 05:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/31 15:18:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/01/29 11:20:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/30 10:10:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/23 05:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\BILLY MAYSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMMHWAEW.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011/09/08 11:25:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3:64bit: - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.cpl (C-Media Corporation)
O4 - HKLM..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [sysconfig32] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Billy_Mayse_ON_C..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Billy_Mayse_ON_C..\Run: [gsu5h5j] C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye\seryhse5u.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\Billy_Mayse_ON_C..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Billy_Mayse_ON_C..\Run: [Microsoft® Windows Update] File not found
O4 - HKU\Billy_Mayse_ON_C..\Run: [SansaDispatch] C:\Users\Billy Mayse\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\Billy_Mayse_ON_C..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistrytools = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O20 - HKLM Winlogon: UserInit - (C:\Windows\msnmgr.exe) - File not found
O20 - HKU\Billy_Mayse_ON_C Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{248f47e0-b808-11de-945b-00161799f4db}\Shell - "" = AutoRun
O33 - MountPoints2\{248f47e0-b808-11de-945b-00161799f4db}\Shell\AutoRun\command - "" = I:\autorun.exe -auto
O33 - MountPoints2\{515182c6-b816-11de-86c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{515182c6-b816-11de-86c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{691fbd52-b804-11de-8c0f-df38d91c3586}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{691fbd52-b804-11de-8c0f-df38d91c3586}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\explore\command - "" = \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\Open\command - "" = \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{de5ab3f9-2bad-11e0-8e8a-00161799f4db}\Shell - "" = AutoRun
O33 - MountPoints2\{de5ab3f9-2bad-11e0-8e8a-00161799f4db}\Shell\AutoRun\command - "" = J:\SamsungKiesInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 22:52:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/12/08 22:52:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/08 15:05:07 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Billy Mayse\AppData\Roaming\dwlGina3.dll
[2011/12/08 15:02:30 | 000,368,640 | ---- | C] (pizzo ripari) -- C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
[2011/12/08 15:01:36 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye
[2011/12/08 13:44:11 | 000,000,000 | ---D | C] -- C:\Windows\usgwmt
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/12/07 07:47:04 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\Winamp
[2011/11/30 11:47:33 | 000,232,464 | ---- | C] (Software FX, Inc.) -- C:\Windows\SysWow64\CHART2FX.VBX
[2011/11/30 11:47:33 | 000,081,920 | ---- | C] (Borland International) -- C:\Windows\SysWow64\BIVBX11.DLL
[2011/11/30 11:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verlag Europa-Lehrmittel
[2011/11/30 11:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa
[2011/11/25 12:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011/11/25 12:02:26 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\InstallShield
[2011/11/23 07:38:00 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\Desktop\unfall
[2011/11/23 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\Desktop\Neuer Ordner

========== Files - Modified Within 30 Days ==========

[2011/12/08 16:55:29 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/12/08 16:55:27 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011/12/08 16:55:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/08 16:55:21 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:21 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/08 15:45:50 | 000,618,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/08 15:45:50 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/08 15:45:50 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/08 15:45:50 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/08 15:05:07 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Billy Mayse\AppData\Roaming\dwlGina3.dll
[2011/12/08 15:01:36 | 000,368,640 | ---- | M] (pizzo ripari) -- C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
[2011/12/07 07:47:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/12/04 11:58:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
[2011/11/30 11:47:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa
[2011/11/30 11:47:31 | 000,000,168 | ---- | M] () -- C:\Windows\ptkfz.INI
[2011/11/28 17:22:47 | 382,523,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/27 08:56:39 | 000,000,000 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\chrtmp
[2011/11/25 12:05:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA

========== Files Created - No Company Name ==========

[2011/11/30 11:47:33 | 000,572,206 | ---- | C] () -- C:\Windows\SysWow64\_C6DBDLL.DLL
[2011/11/30 11:47:33 | 000,402,432 | ---- | C] () -- C:\Windows\SysWow64\C4fox.dll
[2011/11/30 11:47:33 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\MDI16KH.DLL
[2011/11/30 11:47:31 | 000,000,168 | ---- | C] () -- C:\Windows\ptkfz.INI
[2011/11/27 08:56:39 | 000,000,000 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Roaming\chrtmp
[2011/09/16 04:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/05/22 17:34:38 | 000,013,060 | -HS- | C] () -- C:\Users\Billy Mayse\AppData\Local\3jt7304mh3
[2011/05/22 17:34:38 | 000,013,060 | -HS- | C] () -- C:\ProgramData\3jt7304mh3
[2011/05/20 15:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/10/26 11:31:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/06/24 07:59:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010/06/24 07:59:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010/06/24 07:59:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010/06/24 07:59:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/05/29 10:29:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/05/29 10:29:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/05/29 10:29:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/05/28 17:49:29 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/01/05 12:30:30 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/07 11:44:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/26 15:40:38 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/26 15:40:35 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/07 11:26:15 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009/11/07 11:26:15 | 000,000,167 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/11/07 11:25:51 | 000,003,189 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/11/07 11:25:51 | 000,000,725 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/11/07 11:25:51 | 000,000,194 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/11/01 12:23:03 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/01 12:22:52 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/11/01 12:22:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/27 17:11:05 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009/10/18 10:26:32 | 000,000,169 | ---- | C] () -- C:\Windows\RtlRack.ini
[2009/10/13 14:44:01 | 000,000,680 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d9caps.dat
[2009/10/13 10:43:41 | 000,001,460 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d9caps64.dat
[2009/10/13 10:25:16 | 002,067,454 | R--- | C] () -- C:\Windows\VL3.EXE
[2009/10/13 10:25:16 | 000,017,920 | R--- | C] () -- C:\Windows\INSTALL.EXE
[2009/10/13 10:14:10 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2009/10/13 10:14:10 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2009/10/13 10:08:34 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009/10/13 10:02:57 | 000,000,552 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d8caps.dat
[2009/10/13 09:51:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/13 09:50:55 | 000,210,432 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 12:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/09/16 01:25:32 | 000,000,065 | R--- | C] () -- C:\Windows\CmiOemConfig.ini
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 21:48:19 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:00:58 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002/12/14 16:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\oggDS.dll
[2002/12/14 16:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/12/14 16:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/12/14 15:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/11/15 07:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[1999/04/29 17:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2011/12/08 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye
[2009/12/27 12:15:47 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2010/08/02 14:27:35 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Capcom
[2009/10/13 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DAEMON Tools
[2011/09/12 05:44:54 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoft
[2011/04/17 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/07 06:48:32 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\ICQ
[2009/12/15 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\IrfanView
[2010/11/27 16:15:54 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Opera
[2010/06/13 07:53:08 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\PhotoScape
[2009/10/27 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Red Alert 3
[2011/10/12 18:39:04 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Samsung
[2011/07/28 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\SanDisk
[2011/06/13 14:37:22 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\SEGA Corporation
[2011/08/07 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Sierra Entertainment
[2010/05/29 10:50:50 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Stardock
[2010/03/11 10:40:04 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\The Creative Assembly
[2011/02/16 18:19:26 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\uTorrent
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/10/27 17:11:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/01/31 15:18:26 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/10/12 18:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2011/06/13 14:37:20 | 000,000,000 | ---D | M] -- C:\ProgramData\SEGA Corporation
[2010/05/29 10:50:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/24 19:16:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/11/01 12:23:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/29 10:50:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
[2011/12/08 15:49:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/08 16:55:29 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/12/08 16:55:27 | 000,000,304 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 55920 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 55920 bytes -> C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\-sci_fi_props.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\kirk-and-spock.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\how-to-draw-road-runner-step-61.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\180px-Kirk_dressed_in_Nazi_attire1.jpg:SummaryInformation
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2
< End of report >

Alt 09.12.2011, 14:45   #2
markusg
/// Malware-holic
 
Gema Ukash Virus Rechner gesperrt - Standard

Gema Ukash Virus Rechner gesperrt


auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [gsu5h5j] C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye\seryhse5u.exe (pizzo ripari)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistrytools = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo
ripari)
O20 - HKU\Billy_Mayse_ON_C Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
(pizzo ripari)
[2011/12/08 15:05:07 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Billy Mayse\AppData\Roaming\dwlGina3.dll
[2011/12/08 15:02:30 | 000,368,640 | ---- | C] (pizzo ripari) -- C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
:Files
C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html
__________________

__________________
Alt 09.12.2011, 16:32   #3
el_polloloco
 
Gema Ukash Virus Rechner gesperrt - Standard

Gema Ukash Virus Rechner gesperrt


super der rechner geht anscheinend wieder. danke! movedfiles.zip ist hochgeladen, hier noch die OTL.txt:

Code:
ATTFilter
OTL logfile created on: 12/9/2011 1:31:48 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Ultimate Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.65 Gb Total Space | 24.53 Gb Free Space | 25.12% Space Free | Partition Type: NTFS
Drive D: | 135.22 Gb Total Space | 40.33 Gb Free Space | 29.82% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008/01/20 21:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/25 02:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 15:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/22 10:12:29 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010/07/30 00:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010/01/03 11:07:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009/11/01 17:21:57 | 000,107,832 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009/11/01 17:21:51 | 000,066,872 | ---- | M] () [Auto] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/21 08:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 10:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/27 13:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/24 23:43:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/08/24 23:43:54 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/01/04 10:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- C:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/11/18 10:03:51 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/30 00:51:52 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2009/12/07 09:23:05 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2008/01/20 21:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2007/07/06 11:10:18 | 000,835,072 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV:64bit: - [2007/06/29 08:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/09/18 16:26:37 | 000,034,176 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ULILAN64.SYS -- (ULi5261)
DRV:64bit: - [2005/07/01 03:22:56 | 000,322,560 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rt61.sys -- (RT61)
DRV - [2010/07/30 00:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Billy_Mayse_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
IE - HKU\Billy_Mayse_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/webhp?hl=de&tab=iw"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (MyWebSearch.com)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2010/12/22 10:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 11:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/07 07:47:15 | 000,000,000 | ---D | M]
 
[2009/10/13 09:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Extensions
[2011/12/05 10:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions
[2011/09/12 05:41:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/05 10:03:38 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011/03/21 23:58:08 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\extensions\engine@conduit.com
[2010/06/29 11:22:34 | 000,000,933 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\conduit.xml
[2009/10/13 09:54:28 | 000,002,921 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\daemon-search.xml
[2011/12/03 09:57:33 | 000,000,944 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\Mozilla\Firefox\Profiles\ammhwaew.default\searchplugins\icqplugin.xml
[2011/06/08 05:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/01/31 15:18:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/01/29 11:20:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/30 10:10:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/23 05:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\BILLY MAYSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AMMHWAEW.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011/09/08 11:25:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 14:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 03:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 03:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 03:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 03:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 03:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3:64bit: - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\Billy_Mayse_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.cpl (C-Media Corporation)
O4 - HKLM..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [sysconfig32]  File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\Billy_Mayse_ON_C..\Run: [6zvcaxR5ls4KB9Y] C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Billy_Mayse_ON_C..\Run: [gsu5h5j] C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye\seryhse5u.exe (pizzo ripari)
O4 - HKU\Billy_Mayse_ON_C..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKU\Billy_Mayse_ON_C..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\Billy_Mayse_ON_C..\Run: [Microsoft® Windows Update]  File not found
O4 - HKU\Billy_Mayse_ON_C..\Run: [SansaDispatch] C:\Users\Billy Mayse\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKU\Billy_Mayse_ON_C..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistrytools = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Billy_Mayse_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O20 - HKLM Winlogon: UserInit - (C:\Windows\msnmgr.exe) -  File not found
O20 - HKU\Billy_Mayse_ON_C Winlogon: Shell - (C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe) - C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe (pizzo ripari)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{248f47e0-b808-11de-945b-00161799f4db}\Shell - "" = AutoRun
O33 - MountPoints2\{248f47e0-b808-11de-945b-00161799f4db}\Shell\AutoRun\command - "" = I:\autorun.exe -auto
O33 - MountPoints2\{515182c6-b816-11de-86c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{515182c6-b816-11de-86c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{691fbd52-b804-11de-8c0f-df38d91c3586}\Shell\AutoRun\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{691fbd52-b804-11de-8c0f-df38d91c3586}\Shell\open\command - "" = H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\explore\command - "" = \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{c5b4fc68-e19d-11de-be11-00161799f4db}\Shell\Open\command - "" = \RECYCLER\S-1-2-27-3876751312-7555153718-230520475-4131\tTKoxuDJ.exe
O33 - MountPoints2\{de5ab3f9-2bad-11e0-8e8a-00161799f4db}\Shell - "" = AutoRun
O33 - MountPoints2\{de5ab3f9-2bad-11e0-8e8a-00161799f4db}\Shell\AutoRun\command - "" = J:\SamsungKiesInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/08 22:52:59 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/12/08 22:52:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/08 15:05:07 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Billy Mayse\AppData\Roaming\dwlGina3.dll
[2011/12/08 15:02:30 | 000,368,640 | ---- | C] (pizzo ripari) -- C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
[2011/12/08 15:01:36 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye
[2011/12/08 13:44:11 | 000,000,000 | ---D | C] -- C:\Windows\usgwmt
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011/12/07 07:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/12/07 07:47:04 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\Winamp
[2011/11/30 11:47:33 | 000,232,464 | ---- | C] (Software FX, Inc.) -- C:\Windows\SysWow64\CHART2FX.VBX
[2011/11/30 11:47:33 | 000,081,920 | ---- | C] (Borland International) -- C:\Windows\SysWow64\BIVBX11.DLL
[2011/11/30 11:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verlag Europa-Lehrmittel
[2011/11/30 11:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa
[2011/11/25 12:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2011/11/25 12:02:26 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\AppData\Roaming\InstallShield
[2011/11/23 07:38:00 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\Desktop\unfall
[2011/11/23 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\Billy Mayse\Desktop\Neuer Ordner
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/08 16:55:29 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/12/08 16:55:27 | 000,000,304 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2011/12/08 16:55:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/12/08 16:55:21 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:21 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 16:55:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/08 15:45:50 | 000,618,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/08 15:45:50 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/08 15:45:50 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/08 15:45:50 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/08 15:05:07 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Billy Mayse\AppData\Roaming\dwlGina3.dll
[2011/12/08 15:01:36 | 000,368,640 | ---- | M] (pizzo ripari) -- C:\Users\Billy Mayse\AppData\Roaming\hrt54is56ijfgte.exe
[2011/12/07 07:47:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011/12/04 11:58:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
[2011/11/30 11:47:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Europa
[2011/11/30 11:47:31 | 000,000,168 | ---- | M] () -- C:\Windows\ptkfz.INI
[2011/11/28 17:22:47 | 382,523,408 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/27 08:56:39 | 000,000,000 | ---- | M] () -- C:\Users\Billy Mayse\AppData\Roaming\chrtmp
[2011/11/25 12:05:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
 
========== Files Created - No Company Name ==========
 
[2011/11/30 11:47:33 | 000,572,206 | ---- | C] () -- C:\Windows\SysWow64\_C6DBDLL.DLL
[2011/11/30 11:47:33 | 000,402,432 | ---- | C] () -- C:\Windows\SysWow64\C4fox.dll
[2011/11/30 11:47:33 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\MDI16KH.DLL
[2011/11/30 11:47:31 | 000,000,168 | ---- | C] () -- C:\Windows\ptkfz.INI
[2011/11/27 08:56:39 | 000,000,000 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Roaming\chrtmp
[2011/09/16 04:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/05/22 17:34:38 | 000,013,060 | -HS- | C] () -- C:\Users\Billy Mayse\AppData\Local\3jt7304mh3
[2011/05/22 17:34:38 | 000,013,060 | -HS- | C] () -- C:\ProgramData\3jt7304mh3
[2011/05/20 15:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2010/10/26 11:31:29 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/06/24 07:59:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010/06/24 07:59:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010/06/24 07:59:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010/06/24 07:59:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/05/29 10:29:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/05/29 10:29:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/05/29 10:29:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/05/28 17:49:29 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/01/05 12:30:30 | 000,000,980 | ---- | C] () -- C:\Windows\eReg.dat
[2009/12/07 11:44:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/26 15:40:38 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/26 15:40:35 | 000,035,465 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/11/07 11:26:15 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009/11/07 11:26:15 | 000,000,167 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2009/11/07 11:25:51 | 000,003,189 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2009/11/07 11:25:51 | 000,000,725 | ---- | C] () -- C:\Windows\cmudax3.ini
[2009/11/07 11:25:51 | 000,000,194 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2009/11/01 12:23:03 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/11/01 12:22:52 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/11/01 12:22:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/27 17:11:05 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2009/10/18 10:26:32 | 000,000,169 | ---- | C] () -- C:\Windows\RtlRack.ini
[2009/10/13 14:44:01 | 000,000,680 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d9caps.dat
[2009/10/13 10:43:41 | 000,001,460 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d9caps64.dat
[2009/10/13 10:25:16 | 002,067,454 | R--- | C] () -- C:\Windows\VL3.EXE
[2009/10/13 10:25:16 | 000,017,920 | R--- | C] () -- C:\Windows\INSTALL.EXE
[2009/10/13 10:14:10 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2009/10/13 10:14:10 | 000,040,960 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2009/10/13 10:08:34 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009/10/13 10:02:57 | 000,000,552 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\d3d8caps.dat
[2009/10/13 09:51:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/10/13 09:50:55 | 000,210,432 | ---- | C] () -- C:\Users\Billy Mayse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/07 12:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008/09/16 01:25:32 | 000,000,065 | R--- | C] () -- C:\Windows\CmiOemConfig.ini
[2008/01/20 21:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 21:48:19 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2006/11/02 10:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 10:00:58 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004/12/20 05:08:28 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/12/20 05:03:26 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002/12/14 16:46:02 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\oggDS.dll
[2002/12/14 16:46:02 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002/12/14 16:46:02 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002/12/14 15:46:04 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2002/11/15 07:11:26 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\MMSwitch.dll
[1999/04/29 17:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2011/12/08 15:02:30 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\aeuyh5ae4shye
[2009/12/27 12:15:47 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2010/08/02 14:27:35 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Capcom
[2009/10/13 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DAEMON Tools
[2011/09/12 05:44:54 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoft
[2011/04/17 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/12/07 06:48:32 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\ICQ
[2009/12/15 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\IrfanView
[2010/11/27 16:15:54 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Opera
[2010/06/13 07:53:08 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\PhotoScape
[2009/10/27 16:27:26 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Red Alert 3
[2011/10/12 18:39:04 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Samsung
[2011/07/28 05:21:36 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\SanDisk
[2011/06/13 14:37:22 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\SEGA Corporation
[2011/08/07 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Sierra Entertainment
[2010/05/29 10:50:50 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\Stardock
[2010/03/11 10:40:04 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\The Creative Assembly
[2011/02/16 18:19:26 | 000,000,000 | ---D | M] -- C:\Users\Billy Mayse\AppData\Roaming\uTorrent
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2009/10/27 17:11:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/01/31 15:18:26 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2011/10/12 18:39:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Samsung
[2011/06/13 14:37:20 | 000,000,000 | ---D | M] -- C:\ProgramData\SEGA Corporation
[2010/05/29 10:50:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Stardock
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011/05/24 19:16:37 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 10:41:02 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/11/01 12:23:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2009/10/13 10:41:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/29 10:50:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{EA77F737-0FEA-4800-BD99-D6AF1051C7A9}
[2011/12/08 15:49:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/08 16:55:29 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2011/12/08 16:55:27 | 000,000,304 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 55920 bytes -> C:\ProgramData\Application Data:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 55920 bytes -> C:\ProgramData\Anwendungsdaten:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\-sci_fi_props.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\kirk-and-spock.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\how-to-draw-road-runner-step-61.jpg:SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Billy Mayse\Desktop\180px-Kirk_dressed_in_Nazi_attire1.jpg:SummaryInformation
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
__________________
Alt 09.12.2011, 16:43   #4
markusg
/// Malware-holic
 
Gema Ukash Virus Rechner gesperrt - Standard

Gema Ukash Virus Rechner gesperrt


weiter gehts.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Gema Ukash Virus Rechner gesperrt
0x00000001, alert, alternate, antivir, avira, bho, c:\windows\system32\rundll32.exe, converter, desktop, device driver, disabletaskmgr, download, error, explorer, firefox, format, gema-virus, gesperrt, helper, logfile, microsoft, monitor, mp3, nvidia, plug-in, rechner gesperrt, registry, rundll, scan, sched.exe, software, studio, ukash virus, usb, virus, vista


« BKA-Trojaner-Befall auf Laptop mit WinXP | TR/ATRAPS.Gen2, TR/Kryptik.FYC, TR/Kazy.47207.1 und andere Trojaner gefunden. »


Ähnliche Themen: Gema Ukash Virus Rechner gesperrt


  1. UKASH-Virus/ Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 04.03.2013 (14)
  2. ukash-trojaner-Rechner gesperrt
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (2)
  3. Trojan.FakeMS, Rechner gesperrt, GVU Trojaner (BSI) Webcam-Fake, Zahlung: PaysafeCard, UKash
    Log-Analyse und Auswertung - 30.11.2012 (1)
  4. Gema Virus, Der Rechner wurde gespeert
    Plagegeister aller Art und deren Bekämpfung - 30.09.2012 (15)
  5. (XPOST) Virus (angeblich GEMA) Computer wurde gesperrt. Was nun?
    Mülltonne - 12.09.2012 (1)
  6. GEMA-Virus Variante 2.06 (?) m. 2 Zahlfunktionen (paysave, ukash)
    Log-Analyse und Auswertung - 08.06.2012 (1)
  7. GEMA-Virus aufgetreten, PC bis zur Zahlung von 100 Euro gesperrt
    Plagegeister aller Art und deren Bekämpfung - 11.05.2012 (15)
  8. Virus blockiert PC! Gema Bundestrojaner Virus - 50 euro Ukash?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (4)
  9. GEMA Virus, Computer gesperrt
    Log-Analyse und Auswertung - 22.04.2012 (3)
  10. 50€ GEMA Virus, weißer Bildschirm, PC direkt nach Start gesperrt
    Plagegeister aller Art und deren Bekämpfung - 13.04.2012 (11)
  11. Gesperrt durch virus ( 100euro ukash)
    Log-Analyse und Auswertung - 04.04.2012 (9)
  12. Rechner gesperrt, Zahlung von 100,-€ an ukash und paysafe soll problem lösen...
    Log-Analyse und Auswertung - 01.04.2012 (1)
  13. Desktop gesperrt, ähnlich wie GEMA-Virus, Hilfe! nix geht mehr
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (10)
  14. Win7 Starter Netbook durch GEMA Virus gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (3)
  15. GEMA uKash Virus
    Log-Analyse und Auswertung - 04.01.2012 (13)
  16. BKA-Trojaner (Rechner gesperrt) / ukash / Tronjan.Dropper / PUP.VshareRedir - bin ich wieder clean?
    Log-Analyse und Auswertung - 17.12.2011 (7)
  17. GEMA ukash virus
    Log-Analyse und Auswertung - 11.12.2011 (54)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Gema Ukash Virus Rechner gesperrt - Hallo, ich habe seit gestern den Gema-Virus auf meinem Rechner. Hab mich auch schon ein bisschen umgeschaut und die Lösung über REATOGO_X_PE gefunden. Bitte um weitere Anweisungen! Der scan ergab - Gema Ukash Virus Rechner gesperrt...
Archiv
Du betrachtest: Gema Ukash Virus Rechner gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55