Pests of all kinds and their removal: Ukash 100€ Bundestrojaner Windows Vista SP2
17.03.2012, 12:32 | #1 |
Ukash 100€ Bundestrojaner Windows Vista SP2

Hi,

I have had this virus/Trojan on my notebook since this morning. I'm facing the following restrictions: no Internet access any more (I was still able to update Malwarebytes to the current database), and only Safe Mode works (I'm currently working on my notebook in Safe Mode with additional network drivers; I'm online right now from another computer).

Of course I did some reading here first. I initially installed and ran Malwarebytes (without an updated database) and removed the Trojan. It was called sdvhalp.exe (or something similar...) and I thought that had taken care of the problem. Malwarebytes wanted a reboot after removing the malicious software, and I didn't know whether I should go back into Safe Mode or into normal Windows. I went into normal Windows and had the problem with the BKA message etc. again... Then I went back into Safe Mode (for a short while the Internet worked, which I used to update Malwarebytes; now the Internet isn't working again...) and started OTL with the default settings. However, OTL didn't find anything... I have now started a new run with Malwarebytes and the updated database, which is still running...

Here are the logs I have gotten from OTL so far (it would be nice if someone could tell me where Malwarebytes stores its logs; I would like to post them here too, but I can't find them in the Malwarebytes installation folder):

OTL Logfile:
Code:
OTL logfile created on: 17.03.2012 11:57:00 - Run 1 OTL by OldTimer - Version 3.2.38.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,18% Memory free 6,18 Gb Paging File | 5,49 Gb Available in Paging File | 88,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,79 Gb Total Space | 10,49 Gb Free Space | 4,71% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 1,75 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive F: | 1,89 Gb Total Space | 1,44 Gb Free Space | 76,32% Space Free | Partition Type: FAT Computer Name: KAIZ-PC | User Name: kaiz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.17 10:23:46 | 000,594,944 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2012.03.14 14:43:26 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.03.16 17:29:59 | 000,181,656 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\01015\components\AcroFF015.dll MOD - [2012.03.14 14:43:26 | 001,014,744 | ---- | M] () -- 
C:\Programme\Mozilla Firefox\js3250.dll MOD - [2011.06.12 13:42:56 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.06.07 16:53:33 | 003,246,040 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.05.24 22:18:02 | 000,805,032 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.04.16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Programme\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.10.25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.08.21 20:41:32 | 002,405,776 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2008.07.29 09:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2008.02.04 13:47:00 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- 
(WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.03.17 11:50:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.12.20 03:46:50 | 000,021,504 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.07 16:53:35 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2011.06.07 16:53:26 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV - [2011.06.07 16:53:16 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2011.06.07 16:52:48 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot | 
Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2011.03.30 09:37:21 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.11.05 11:13:08 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su) DRV - [2009.01.20 14:36:12 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.08.21 20:42:58 | 000,294,288 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2008.07.29 09:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.06.12 08:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.02.14 17:44:00 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.05.11 09:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {621002F0-960A-4379-979B-CAEAE1E83C77} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{1316BFB3-DB15-4152-B90D-158711C178C4}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{621002F0-960A-4379-979B-CAEAE1E83C77}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://elearning.uni-bremen.de/" FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.6 FF - prefs.js..extensions.enabledItems: {33e0daa6-3af3-d8b5-6752-10e949c61516}:1.1 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0 FF - prefs.js..network.proxy.backup.ftp: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy.zfn.uni-bremen.de" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.11.04 09:54:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2011.03.07 06:27:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.17 12:03:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.14 14:43:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\kaiz\AppData\Roaming\01015 [2012.03.16 17:29:59 | 000,000,000 | ---D | M] [2009.09.26 18:34:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kaiz\AppData\Roaming\mozilla\Extensions [2012.03.16 14:14:36 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions [2011.03.11 18:18:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.19 18:32:53 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2011.03.11 18:18:41 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.08.19 18:01:58 | 000,000,000 | ---D | M] (Splitcam Toolbar) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011.03.07 06:19:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\kaiz\AppData\Roaming\mozilla\Firefox\Profiles\vlk4svcp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.18 13:28:30 | 000,001,755 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\Mozilla\Firefox\Profiles\vlk4svcp.default\searchplugins\googlede-pws.xml [2011.10.23 16:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.21 15:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.01.16 19:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.26 10:59:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.09.14 11:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.23 16:32:51 | 000,000,000 | ---D | M] (Java 
Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.04 09:54:04 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2009.12.02 09:10:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.05.21 15:56:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.01.16 19:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.26 10:59:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.09.14 11:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.10.23 16:32:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2012.03.16 17:29:59 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\KAIZ\APPDATA\ROAMING\01015 [2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.11.26 12:03:41 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) 
-- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll [2011.08.24 08:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.24 08:02:05 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.24 08:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.24 08:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.24 08:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found. 
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\kaiz\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Splitcam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Splitcam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm) O3 - HKCU\..\Toolbar\WebBrowser: (Splitcam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Splitcam Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MPlayerForWindows_UpdateReminder] C:\Program Files\MPlayer für Windows\AutoUpdate.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Userinit] C:\Users\kaiz\AppData\Roaming\appconf32.exe File not found O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Users\kaiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\kaiz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
F3 - HKCU WinNT: Load - (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) - C:\Users\kaiz\LOCALS~1\Temp\msierbu.com () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save Page As PDF ... 
- C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13FD8F68-8067-4579-B2BB-FAE5C38C1CA6}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2290004B-F9A2-40B2-A3DF-8868823A9FB9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0A3C12-0C5A-45B3-91D5-A314264D216E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB221257-DBDE-4DC8-9FB7-5C5DC793F78B}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5DD2154-5D71-4021-BBE1-B3C134565235}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF5A0625-21B9-468D-A62C-DB6341A859D4}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O28 - 
HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.17 11:43:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.03.17 11:43:25 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\Malwarebytes [2012.03.17 11:35:01 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll [2012.03.17 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.17 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.17 10:20:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.17 10:20:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.17 10:10:53 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2012.03.17 08:03:14 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\kodak [2012.03.16 17:29:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\01015 [2012.03.16 15:23:19 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\UAs [2012.03.16 14:44:51 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\01014 [2012.03.16 14:37:00 | 000,000,000 | ---D | C] -- C:\Users\kaiz\Local Settings [2012.03.16 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\xmldm [2012.03.16 14:36:59 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Roaming\kock [2012.03.04 09:40:35 | 000,000,000 | 
---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment [2012.03.03 23:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.02.25 19:57:30 | 000,000,000 | ---D | C] -- C:\Users\kaiz\Documents\My Digital Editions [2012.02.25 19:52:52 | 000,000,000 | ---D | C] -- C:\Users\kaiz\AppData\Local\Kobo [2012.02.25 19:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo [2012.02.25 19:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Kobo [2012.02.23 10:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility [2012.02.23 10:47:23 | 000,541,800 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8192su.sys [2012.02.23 10:47:13 | 000,614,400 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\System32\Rtlihvs.dll [2012.02.23 10:47:13 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe [2012.02.23 10:47:13 | 000,188,416 | ---- | C] (Realtek Semiconductor Corp. 
) -- C:\Windows\System32\RTLExtUI.dll [1 C:\Users\kaiz\AppData\Roaming\*.tmp files -> C:\Users\kaiz\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.17 11:51:56 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.17 11:51:56 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.17 11:51:56 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.17 11:51:56 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.17 11:50:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.03.17 11:47:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.03.17 11:45:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.17 11:43:44 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.17 11:43:44 | 000,004,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.17 10:20:24 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.17 08:20:53 | 000,070,144 | ---- | M] () -- C:\Users\kaiz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.17 08:03:10 | 000,000,016 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\blckdom.res [2012.03.16 14:44:58 | 000,005,624 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\BAcroIEHelpe.dll [2012.03.16 14:44:57 | 000,390,648 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll [2012.03.16 12:31:16 | 001,756,160 | ---- | M] () -- C:\Users\kaiz\Documents\Biatch test.avi [2012.03.15 16:36:56 | 000,000,152 | ---- | M] () -- C:\Users\kaiz\Mario.vcf [2012.03.15 16:02:44 | 000,000,173 | ---- | M] () -- C:\Users\kaiz\Niko Finder.vcf [2012.03.14 08:28:24 | 002,036,872 | ---- | M] () -- C:\Users\kaiz\Durchsicht.zip [2012.03.14 00:28:04 | 
002,036,722 | ---- | M] () -- C:\Users\kaiz\Betaversion Durchsicht.pdf [2012.03.10 18:22:02 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let [2012.03.10 18:19:48 | 002,088,288 | ---- | M] (Acronis) -- C:\Windows\System32\AutoPartNt.exe [2012.03.08 07:53:50 | 000,000,521 | ---- | M] () -- C:\Users\kaiz\Desktop\24 Di miri 12uhr.rtf [2012.02.27 11:07:51 | 000,000,918 | ---- | M] () -- C:\Users\kaiz\Desktop\Dropbox.lnk [2012.02.27 11:07:51 | 000,000,898 | ---- | M] () -- C:\Users\kaiz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.26 19:38:48 | 000,000,198 | ---- | M] () -- C:\Users\kaiz\Desktop\games ab 3tem Semester...rtf [2012.02.25 19:52:47 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk [2012.02.23 10:50:07 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk [2012.02.19 18:31:30 | 000,003,466 | ---- | M] () -- C:\Windows\System32\savedkey.reg [2012.02.16 17:51:55 | 000,001,383 | ---- | M] () -- C:\Users\kaiz\Desktop\Essay Quellen.rtf [1 C:\Users\kaiz\AppData\Roaming\*.tmp files -> C:\Users\kaiz\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.17 10:20:24 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.16 14:44:58 | 000,005,624 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\BAcroIEHelpe.dll [2012.03.16 14:44:57 | 000,390,648 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll [2012.03.16 14:44:47 | 000,000,016 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\blckdom.res [2012.03.16 12:30:51 | 001,756,160 | ---- | C] () -- C:\Users\kaiz\Documents\Biatch test.avi [2012.03.15 16:36:53 | 000,000,152 | ---- | C] () -- C:\Users\kaiz\Mario.vcf [2012.03.15 16:02:37 | 000,000,173 | ---- | C] () -- C:\Users\kaiz\Niko Finder.vcf [2012.03.14 08:28:32 | 002,036,722 | ---- | C] () -- C:\Users\kaiz\Betaversion Durchsicht.pdf [2012.03.14 08:28:20 | 002,036,872 | ---- 
| C] () -- C:\Users\kaiz\Durchsicht.zip
[2012.02.25 19:52:47 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.02.23 10:50:07 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012.02.23 10:47:13 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012.02.19 18:31:30 | 000,003,466 | ---- | C] () -- C:\Windows\System32\savedkey.reg
[2011.12.13 20:46:10 | 002,523,136 | ---- | C] () -- C:\Windows\System32\svdhalp.exe.ini64
[2010.12.22 01:48:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.08.04 15:18:36 | 000,000,000 | ---- | C] () -- C:\Users\kaiz\AppData\Roaming\chrtmp
< End of report >

And now the Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.03.2012 11:57:00 - Run 1 OTL by OldTimer - Version 3.2.38.0 Folder = F:\ Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 71,18% Memory free 6,18 Gb Paging File | 5,49 Gb Available in Paging File | 88,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,79 Gb Total Space | 10,49 Gb Free Space | 4,71% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 1,75 Gb Free Space | 17,50% Space Free | Partition Type: NTFS Drive F: | 1,89 Gb Total Space | 1,44 Gb Free Space | 76,32% Space Free | Partition Type: FAT Computer Name: KAIZ-PC | User Name: kaiz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B91A6FF-1F88-41FB-A21B-09B322B34574}" = lport=139 | protocol=6 | dir=in | app=system | "{1EED4826-72F3-4E85-B27C-2462B1071FF0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{3BD4F2EC-1AD3-4BC1-A95D-845FDD0731C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FA6D5A1-99BD-411D-9B98-0E4AD60C88E4}" = lport=137 | protocol=17 | dir=in | app=system | "{63FC8562-F726-4F9C-9C42-6BDF65967335}" = lport=138 | protocol=17 | dir=in | app=system | "{71AF5A10-E3FA-4805-BF2B-8F2F8C1F183E}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{7A98A573-C016-4240-8478-043438AB0527}" = rport=137 | protocol=17 | dir=out | app=system | "{7A9FE9FA-AE4B-431C-A63F-007164587C29}" = lport=445 | protocol=6 | dir=in | app=system | "{87757F63-7545-4D5F-9300-45CF20B42F95}" = rport=139 | protocol=6 | dir=out | app=system | "{A3B2425C-0B97-42B7-A149-D135831E7296}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{AAFF772F-717B-4383-BEB0-48C85073D13D}" = rport=138 | protocol=17 | dir=out | app=system | "{B3A18AF6-0047-4FD9-8002-2ECE16BCEFEB}" = rport=445 | protocol=6 | dir=out | app=system | "{C71CEB81-52EA-4CCD-87C8-D97F9373AB14}" = lport=2869 | protocol=6 | dir=in | app=system | "{D69C868E-27D2-482F-90BB-D6BF83D271BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DEF5C67C-D2D6-4017-B30D-8666B214D849}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{FAC8A56F-C7A9-40BC-9BC7-64DE8C6B0CDE}" = lport=rpc-epmap | protocol=6 | 
dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DD4FD72-EAB9-4857-A8A5-FF01AB45A14B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0FEAAD2F-B523-4BAC-A392-C1AF8548FB9B}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{150DF990-C5A0-41FE-8DA3-43F2445D151B}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{1B949941-34A6-48E8-9BE5-F0C9AAA411CF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{213353F8-CA9F-457E-BD89-334A442A4A11}" = protocol=6 | dir=in | app=c:\users\kaiz\appdata\roaming\dropbox\bin\dropbox.exe | "{2AA42179-727C-4481-B83C-E5CB22686882}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3409BA34-E750-4FD0-B976-083672B94CCC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3590FFA2-A670-4DF4-811A-3AEA66CDA777}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | "{504FF864-62B6-46C7-B4A8-F3051B8A5C18}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5E90CA77-B5F2-41D0-B386-6C6579A859EB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{6A27CBC7-C76F-4E1A-8164-7C90067CCC3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8B359222-2378-410B-8E3E-22575366CA9E}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "{923BBAF1-0CF6-4B1E-8999-F751BEC283F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{977D0C1E-A161-4604-9B3B-00C77BDE44B4}" = protocol=17 | dir=in | app=c:\users\kaiz\appdata\roaming\dropbox\bin\dropbox.exe | "{C6426A90-B778-4650-B984-36D0A2C92BC8}" = protocol=6 | dir=in | app=c:\program files\veoh 
networks\veohwebplayer\veohwebplayer.exe | "{CFFF9AB8-45D6-4871-AC8F-439CC26DA27F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F6502F9E-973C-4EF6-8704-C0F87E0DE79D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F8DF007A-55E1-4CF7-9D6A-B66A0DC9323F}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe | "TCP Query User{6109D686-BEF9-4D9D-9812-E6C5C39AC7B6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{7CE20C06-E6A9-439E-B12E-87182BDEC066}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{FF2DAD41-4B3F-4DC7-83AF-3D94D7BFE2C3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{51EF4548-2D46-41EE-9199-4AC9BE0D1FCA}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{C8B2E6A3-3615-4026-9045-8A80632D5E92}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{FD5E49A0-0441-4DC2-AA7B-021D20B187AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 
Update 29 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2CAB55FA-A147-4215-81A6-E9A9038B7970}" = Plus Pack für Acronis True Image Home 2011 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = 
Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) 
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer "{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2 "{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}" = SFV Checker "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call 
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution "{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}" = MPlayer für Windows (Full Package) "{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86) "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "Complitly_is1" = Complitly "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON SX218 Series" = Druckerdeinstallation für EPSON SX218 Series "Everything" = Everything 1.2.1.371 "ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07] "Free FLV Converter_is1" = Free FLV Converter V 7.0.0 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Kobo" = Kobo "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0 "Notepad++" = Notepad++ "RealPlayer 6.0" = RealPlayer 
"Splitcam Toolbar" = Splitcam Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XP Codec Pack" = XP Codec Pack "ZoneAlarm" = ZoneAlarm "ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "309a46b1dc89b774" = Dell Driver Download Manager "Dropbox" = Dropbox "Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616 "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.03.2012 04:57:32 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung zlclient.exe, Version 8.0.20.0, Zeitstempel 0x48ae34b9, fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18005, Zeitstempel 0x49e037dd, Ausnahmecode 0xc0000096, Fehleroffset 0x000c92a5, Prozess-ID 0xd14, Anwendungsstartzeit 01cd041bd54541d3. Error - 17.03.2012 05:09:55 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329 Description = Error - 17.03.2012 05:10:04 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe_EapHost, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e, Ausnahmecode 0xc0000006, Fehleroffset 0x0003b7ee, Prozess-ID 0x45c, Anwendungsstartzeit 01cd041d5d91dc5f. Error - 17.03.2012 05:10:04 | Computer Name = kaiz-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\ole32.dll" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern; oder der Datenträger fehlt. 
Das Programm Hostprozess für Windows-Dienste wurde wegen dieses Fehlers geschlossen. Programm: Hostprozess für Windows-Dienste Datei: C:\Windows\System32\ole32.dll Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error - 17.03.2012 05:10:41 | Computer Name = kaiz-PC | Source = EventSystem | ID = 4609 Description = Error - 17.03.2012 06:43:33 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.03.2012 06:43:33 | Computer Name = kaiz-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.03.2012 06:47:51 | Computer Name = kaiz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung winlogon.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01d05, fehlerhaftes Modul winlogon.exe, Version 6.0.6002.18005, Zeitstempel 0x49e01d05, Ausnahmecode 0xc0000006, Fehleroffset 0x0000f708, Prozess-ID 0x2c0, Anwendungsstartzeit 01cd042afca72494. Error - 17.03.2012 06:47:51 | Computer Name = kaiz-PC | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "C:\Windows\System32\winlogon.exe" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern; oder der Datenträger fehlt. Das Programm Windows-Anmeldeanwendung wurde wegen dieses Fehlers geschlossen. Programm: Windows-Anmeldeanwendung Datei: C:\Windows\System32\winlogon.exe Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in der Computer eingelegt ist. 3. 
Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: C0000185 Datenträgertyp: 3 Error - 17.03.2012 06:48:22 | Computer Name = kaiz-PC | Source = EventSystem | ID = 4609 Description = [ Broadcom Wireless LAN Events ] Error - 05.03.2012 19:02:52 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 00:02:52, Tue, Mar 06, 12 Error - User "" does not have administrative privileges on this system Error - 06.03.2012 17:16:26 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 22:16:26, Tue, Mar 06, 12 Error - User "" does not have administrative privileges on this system Error - 06.03.2012 17:16:26 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 22:16:26, Tue, Mar 06, 12 Error - User "" does not have administrative privileges on this system Error - 07.03.2012 18:47:22 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 23:47:22, Wed, Mar 07, 12 Error - User "" does not have administrative privileges on this system Error - 10.03.2012 13:20:17 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 18:20:17, Sat, Mar 10, 12 Error - User "" does not have administrative privileges on this system Error - 10.03.2012 13:20:17 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 18:20:17, Sat, Mar 10, 12 Error - User "" does not have 
administrative privileges on this system Error - 13.03.2012 18:57:12 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 23:57:12, Tue, Mar 13, 12 Error - User "" does not have administrative privileges on this system Error - 13.03.2012 18:57:12 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 23:57:12, Tue, Mar 13, 12 Error - User "" does not have administrative privileges on this system Error - 17.03.2012 03:22:04 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 08:22:04, Sat, Mar 17, 12 Error - User "" does not have administrative privileges on this system Error - 17.03.2012 03:22:04 | Computer Name = kaiz-PC | Source = WLAN-Tray | ID = 0 Description = 08:22:04, Sat, Mar 17, 12 Error - User "" does not have administrative privileges on this system [ OSession Events ] Error - 30.03.2011 05:47:02 | Computer Name = kaiz-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 129 seconds with 120 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 17.03.2012 06:48:14 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description =
Error - 17.03.2012 06:48:14 | Computer Name = kaiz-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
Error - 17.03.2012 06:48:22 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description =
Error - 17.03.2012 06:48:24 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description =
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.03.2012 06:48:40 | Computer Name = kaiz-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 17.03.2012 06:48:56 | Computer Name = kaiz-PC | Source = DCOM | ID = 10005
Description =
< End of report >

Important edit: My laptop has NO CD/DVD drive, only USB ports. Last edited by Yuumura (17.03.2012 at 12:40) |
17.03.2012, 13:33 | #2 |
| Ukash 100€ Bundestrojaner Windows Vista sp 2 Here are the logs from Malwarebytes after the second run, before deletion
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
kaiz :: KAIZ-PC [administrator]

Protection: Disabled

17.03.2012 12:16:26
mbam-log-2012-03-17 (12-16-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402377
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Data: C:\Users\kaiz\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bad: (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) Good: () -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\kaiz\Local Settings\Temp\msierbu.com (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.

(end)

and here after deletion

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.17.04

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.19088
kaiz :: KAIZ-PC [administrator]

Protection: Disabled

17.03.2012 12:16:26
mbam-log-2012-03-17 (13-29-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 402377
Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Data: C:\Users\kaiz\AppData\Roaming\appconf32.exe -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Spyware.Zeus) -> Bad: (C:\Users\kaiz\LOCALS~1\Temp\msierbu.com) Good: () -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\kaiz\Local Settings\Temp\msierbu.com (Spyware.Zeus) -> No action taken.
C:\Users\kaiz\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> No action taken.

(end) |
17.03.2012, 15:16 | #3 |
| Ukash 100€ Bundestrojaner Windows Vista sp 2

So, I've now deleted everything with the current version of Malwarebytes and everything works normally again...

Are there any tips for getting rid of potential leftovers? I've already run CCleaner. |
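Editor's note, not part of the thread: one concrete way to check for leftovers is to re-inspect exactly the persistence points the Malwarebytes log above named, after the reboot Malwarebytes asked for (the Load value was only scheduled as "Delete on reboot"). The PowerShell script below is an added example written for this page; it is not the poster's or Malwarebytes' code. The registry keys, value names, CLSID and file paths come from the log above. It assumes it is run as the same user whose HKCU hive was infected (the log shows `kaiz`), on Windows Vista where `Local Settings\Temp` is a junction to `%LOCALAPPDATA%\Temp`, and the rule that any Run entry pointing into AppData or Temp is worth a look is an assumption, not a detection rule.

```powershell
# Added example (not from the thread): re-check the persistence locations
# named in the Malwarebytes log after the reboot. Run as the affected user,
# since everything the log found lives in HKCU and the user profile.
# Written for PowerShell 2.0 (Vista era): no -ErrorAction Ignore, no -in.

$findings = @()

# 1. HKCU\...\Windows NT\CurrentVersion\Windows | Load
#    Legitimately absent or empty. The log showed it pointing at
#    C:\Users\kaiz\LOCALS~1\Temp\msierbu.com, marked "Delete on reboot".
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -LiteralPath $winKey -ErrorAction SilentlyContinue).Load
if ($load) { $findings += "Load value still set: $load" }

# 2. HKCU\...\CurrentVersion\Run
#    The log showed a value named "Userinit" (mimicking the Winlogon value of
#    that name) starting appconf32.exe from AppData\Roaming.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -match '^PS') { continue }   # skip PSPath, PSParentPath, ...
        $data = [string]$p.Value
        # Assumption: the exact name from the log, or any autostart that runs
        # out of AppData or Temp, deserves a manual look.
        if ($p.Name -eq 'Userinit' -or $data -match '\\AppData\\|\\Temp\\|LOCALS~1') {
            $findings += "Run entry '$($p.Name)' = $data"
        }
    }
}

# 3. The BHO CLSID from the log, in the three places the scan found it.
$clsid = '{975670D0-7EFB-4FA8-90FA-3AE575B9FB77}'
$bhoKeys = @(
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$clsid"
)
foreach ($k in $bhoKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "BHO key still present: $k" }
}

# 4. The three files the log quarantined. On Vista, <profile>\Local Settings
#    (LOCALS~1) is a junction to <profile>\AppData\Local, so the Temp path
#    resolves to $env:LOCALAPPDATA\Temp.
$files = @(
    "$env:APPDATA\appconf32.exe",
    "$env:APPDATA\AcroIEHelpe.dll",
    "$env:LOCALAPPDATA\Temp\msierbu.com"
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File still present: $f" }
}

if ($findings.Count -eq 0) {
    'No leftovers found at the locations from the Malwarebytes log.'
} else {
    $findings | ForEach-Object { "FOUND: $_" }
}
```

Anything the script reports as FOUND should go back into the thread rather than be deleted by hand, since the same malware was found re-registering itself after the first cleanup. A clean result only covers the locations the log named; it is not proof that nothing else is left, which is why the helpers here normally ask for a fresh OTL and Malwarebytes run after the reboot.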