Pests of all kinds and how to fight them: Ukash virus (Windows 7)
17.05.2012, 16:46 | #1
Ukash Virus

Hello,

my father has also caught the Ukash virus. The PC could only be started in Safe Mode. I then disabled every program in msconfig that looked odd to me; after that I could boot normally again and access everything. Unfortunately all of my files have been hit by the virus and were encrypted into plain files without an extension. On top of that they have encrypted file names. How do I get them back, since there is no backup...

PS: The virus came via an e-mail, or rather via its attachment! Content of the e-mail:

---------------------------------------------------------------------
From: chrisamv@yahoo.co.in
Subject: 17.05.2012 Item purchase 0191805497

Dear Customer,

Thank you for your purchase at CEWEFotobuch; below you will find your contract confirmation.
Your application number: 669089716696
Item: IBM 3058771357 7495,11 Euro
Billing name: as marked in the contract data
Payment method: Paypal
As a precaution, the shipping address and the detailed payment request are in the attached file. The payment has been authorised and will be debited within 4 days. Purchase details and withdrawal options are in the attached file.

Your customer service
Mauers GmbH
Bergmannring 41
01276 Bremen
Phone: (+49) 688 3060756 (Mon-Fri 8.00 to 19.00, Sat 9.00 to 19.00)
Registered office: Aichtal
VAT ID: DE673628230
Managing director: Konstantin Kühn
-------------------------------------------------------------------

I think it is clear that he never ordered such a photo book! :-D After clicking on the attachment it happened!
--------------------------------------------------------------------

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by *** at 17:03:36 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8109.5848 [GMT 2:00]
.
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Hans\Downloads\OTL.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.de/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
uPolicies-system: <NO NAME> =
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableRegedit = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{563250DA-53DD-4DBB-AD49-5B89F481FEC6} : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\system32\drivers\McPvDrv.sys --> C:\Windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys --> C:\Windows\system32\DRIVERS\MOBK.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-4-12 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-12 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-12 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-29 2655768]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;C:\Windows\system32\DRIVERS\AVMCOWAN.sys --> C:\Windows\system32\DRIVERS\AVMCOWAN.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 FPCIBASE;AVM FRITZ!Card PCI;C:\Windows\system32\DRIVERS\fpcibase.sys --> C:\Windows\system32\DRIVERS\fpcibase.sys [?]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-4-12 690352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 257696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-12 136176]
S4 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-12 136176]
S4 MOBKbackup;1%;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
.
=============== Created Last 30 ================
.
2012-05-17 14:06:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE6B0E80-5643-4125-8A4F-95C58E7A9343}\offreg.dll
2012-05-17 12:31:51 -------- d-----w- C:\Users\***\AppData\Roaming\Flwpnghm
2012-05-15 08:24:03 -------- d-----w- C:\Users\***\AppData\Local\Thunderbird
2012-05-15 08:10:57 -------- d-----w- C:\Users\***\AppData\Local\{EC3DC68E-D8E8-437C-8147-AEE64C667811}
2012-05-15 08:10:34 -------- d-----w- C:\Users\***\AppData\Local\{874FA3B8-BE50-4950-8209-55BF585779ED}
2012-05-14 17:22:06 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-14 17:22:06 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-14 17:09:33 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 17:09:33 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-14 09:19:34 -------- d-----w- C:\Users\***\AppData\Local\{7F0B4E88-53B6-4A08-B560-35C20B66298B}
2012-05-14 09:19:19 -------- d-----w- C:\Users\***\AppData\Local\{7CD53DE8-74FD-490E-A2C5-6CC26782EA0D}
2012-05-13 19:42:44 -------- d-----w- C:\Users\***\AppData\Local\{1D086628-0E9E-4991-AD18-F8CE35484B31}
2012-05-13 19:42:41 -------- d-----w- C:\Users\***\AppData\Local\{2502309F-9927-469E-8828-392612BCE3AB}
2012-05-12 05:57:18 -------- d-----w- C:\Users\***\AppData\Local\{3E3F6AF7-4D40-40BF-BC24-C1B8D18AEF01}
2012-05-12 05:57:13 -------- d-----w- C:\Users\***\AppData\Local\{B3645A4B-EF50-448D-8D5D-7FC3D0C48D0D}
2012-05-11 10:04:53 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 10:04:53 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 10:04:36 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 10:04:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 10:04:36 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 10:04:35 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 09:43:14 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 08:59:09 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 08:58:35 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 08:58:35 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 08:58:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 08:58:33 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 08:58:33 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 07:48:32 -------- d-----w- C:\Users\***\AppData\Local\{559E002D-7436-45F9-A099-7E582359F95D}
2012-05-11 07:48:29 -------- d-----w- C:\Users\***\AppData\Local\{E8A460E4-F6D2-4BB0-8CD9-54C9B223C9A1}
2012-05-10 07:05:16 -------- d-----w- C:\Users\***\AppData\Local\{9B1E772A-9416-465C-8C52-403A981AE7F2}
2012-05-10 07:05:10 -------- d-----w- C:\Users\***\AppData\Local\{6FFF86C4-DFCC-4A8A-8481-2B7A2A008DB1}
2012-05-09 08:34:55 -------- d-----w- C:\Users\***\AppData\Local\{533391A0-01B6-4892-97BD-C04369334CDB}
2012-05-09 08:34:36 -------- d-----w- C:\Users\***\AppData\Local\{4F248E98-BB80-4320-AD5A-C13978A5667F}
2012-05-09 07:16:34 -------- d-----w- C:\Users\***\AppData\Local\{56EF824D-EF16-47E1-972A-D63205C2464F}
2012-05-08 19:42:20 -------- d-----w- C:\Users\***\AppData\Local\Microsoft Games
2012-05-08 18:56:08 -------- d-----w- C:\Users\***\AppData\Local\{3FEFCBEA-8AAE-4CA8-A374-0ED9C312E47F}
2012-05-08 09:42:13 -------- d-----w- C:\Users\***\AppData\Local\{7AE04051-96DF-4AC0-A456-B793653D8251}
2012-05-07 13:16:21 -------- d-----w- C:\Users\***\AppData\Local\{F5B34B15-C3DF-46C4-BBF2-83609E4693F1}
2012-04-24 16:54:54 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-04-17 18:23:14 -------- d-----w- C:\gienger
.
==================== Find3M ====================
.
2012-03-29 17:02:02 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-20 11:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-22 11:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2012-02-22 11:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-02-22 11:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-02-22 11:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-02-22 11:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-02-22 11:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-02-22 11:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-02-22 11:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-02-22 11:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
.
============= FINISH: 17:10:33,33 ===============
--------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29.03.2012 18:57:13
System Uptime: 17.05.2012 15:36:06 (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H61M-D2H-USB3
Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 419,379 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.3) - Deutsch
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Compatibility Pack für 2007 Office System
D3DX10
Etron USB3.0 Host Controller
Google Toolbar for Internet Explorer
Google Update Helper
InfraRecorder
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 32
Junk Mail filter update
Lexware Info Service
Lexware warenwirtschaft pro 2009
Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50
Lexware warenwirtschaft pro Servicepack Systemdatum 2009
McAfee Online Backup
McAfee Total Protection
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Thunderbird 12.0.1 (x86 de)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 3
Realtek High Definition Audio Driver
RENESIS® Player Browser Plugins
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Servicepack Datumsaktualisierung
StarMoney
StarMoney 8.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
--------------------------------------------------------------------------

OTL Logfile:
Code:
OTL logfile created on: 17.05.2012 16:52:16 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Hans\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,92 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,83% Memory free
15,84 Gb Paging File | 13,52 Gb Available in Paging File | 85,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 419,39 Gb Free Space | 90,06% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hans\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe (Lexware GmbH & Co. KG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\f1241239a9b8229f91ce55d230fad38c\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MOBKbackup) -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (McPvDrv) -- C:\Windows\SysNative\drivers\McPvDrv.sys (McAfee, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MOBKFilter) -- C:\Windows\SysNative\drivers\MOBK.sys (Mozy, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FPCIBASE) -- C:\Windows\SysNative\drivers\fpcibase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 16 B2 2A C3 18 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {621244B6-774C-4C5B-83BE-EE8A8433B662}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{621244B6-774C-4C5B-83BE-EE8A8433B662}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_deDE483
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.04.15 10:20:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.08 10:51:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.15 10:23:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.15 10:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120507163429.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: = O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{563250DA-53DD-4DBB-AD49-5B89F481FEC6}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) 
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.17 14:31:51 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Flwpnghm [2012.05.15 10:24:10 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Mozilla [2012.05.15 10:24:03 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Thunderbird [2012.05.15 10:24:03 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\Thunderbird [2012.05.15 10:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.05.15 10:10:57 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{EC3DC68E-D8E8-437C-8147-AEE64C667811} [2012.05.15 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{874FA3B8-BE50-4950-8209-55BF585779ED} [2012.05.14 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.05.14 19:22:06 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.05.14 19:22:06 | 000,472,864 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\deployJava1.dll [2012.05.14 19:09:49 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Macromedia [2012.05.14 19:09:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.14 19:09:33 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.14 19:09:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.05.14 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7F0B4E88-53B6-4A08-B560-35C20B66298B} [2012.05.14 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7CD53DE8-74FD-490E-A2C5-6CC26782EA0D} [2012.05.13 21:42:44 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{1D086628-0E9E-4991-AD18-F8CE35484B31} [2012.05.13 21:42:41 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{2502309F-9927-469E-8828-392612BCE3AB} [2012.05.12 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Google [2012.05.12 10:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.05.12 10:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.05.12 07:57:18 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{3E3F6AF7-4D40-40BF-BC24-C1B8D18AEF01} [2012.05.12 07:57:13 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{B3645A4B-EF50-448D-8D5D-7FC3D0C48D0D} [2012.05.11 12:04:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.05.11 12:04:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.05.11 12:04:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.05.11 12:04:35 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.05.11 09:48:32 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{559E002D-7436-45F9-A099-7E582359F95D} [2012.05.11 09:48:29 | 000,000,000 | ---D | C] -- 
C:\Users\Hans\AppData\Local\{E8A460E4-F6D2-4BB0-8CD9-54C9B223C9A1} [2012.05.10 09:05:16 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{9B1E772A-9416-465C-8C52-403A981AE7F2} [2012.05.10 09:05:10 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{6FFF86C4-DFCC-4A8A-8481-2B7A2A008DB1} [2012.05.09 10:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{533391A0-01B6-4892-97BD-C04369334CDB} [2012.05.09 10:34:36 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{4F248E98-BB80-4320-AD5A-C13978A5667F} [2012.05.09 09:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.05.09 09:16:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{56EF824D-EF16-47E1-972A-D63205C2464F} [2012.05.08 21:45:19 | 000,000,000 | R--D | C] -- C:\Users\Hans\Searches [2012.05.08 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\Microsoft Games [2012.05.08 20:56:08 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{3FEFCBEA-8AAE-4CA8-A374-0ED9C312E47F} [2012.05.08 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{7AE04051-96DF-4AC0-A456-B793653D8251} [2012.05.07 15:16:21 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Local\{F5B34B15-C3DF-46C4-BBF2-83609E4693F1} [2012.05.06 06:05:37 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.04.24 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.04.24 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2012.04.23 18:12:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.04.17 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\deskcalc [2012.04.17 20:23:14 | 000,000,000 | ---D | C] -- C:\gienger [2012.04.17 17:23:49 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\Bank Sicherung Raiba ========== Files - Modified Within 30 Days ========== [2012.05.17 16:37:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.05.17 16:20:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.17 15:43:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.17 15:43:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.17 15:43:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.17 15:43:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.17 15:43:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.17 15:43:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.17 15:43:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.17 15:40:12 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2012.05.17 15:36:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.17 15:36:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.17 15:36:13 | 2082,398,207 | -HS- | M] () -- C:\hiberfil.sys [2012.05.15 10:24:00 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.05.15 10:08:57 | 026,073,958 | ---- | M] () -- C:\Users\Hans\VAGsJajGjrXgentTJaJ [2012.05.14 19:21:57 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.05.14 19:21:57 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2012.05.14 19:21:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.05.14 19:21:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2012.05.14 19:21:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2012.05.14 19:09:33 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.05.14 19:09:33 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.05.14 17:37:33 | 453,044,537 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.12 05:41:22 | 000,367,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh323 [2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh322 [2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh321 [2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh320 [2012.05.07 14:04:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.05.06 12:36:14 | 003,433,984 | ---- | M] () -- C:\Users\Hans\Documents\rTOQpUtLaQtTsyoslQE [2012.05.01 13:01:37 | 026,023,460 | ---- | M] () -- C:\Users\Hans\egXNlvsAdpuaExD [2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh325 [2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\SysWow64\winsh324 [2012.04.23 17:47:21 | 026,020,885 | ---- | M] () -- C:\Users\Hans\gqQpJeqGqOXJtjdsNTLGy [2012.04.18 18:36:45 | 026,008,467 | ---- | M] () -- C:\Users\Hans\AsEUotlOtjfLuXqGqVsOf [2012.04.17 22:06:20 | 000,000,031 | ---- | M] () -- C:\Windows\DESKCALC.INI ========== Files Created - No Company Name ========== [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh325 [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh324 [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh323 [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh322 [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- C:\Windows\SysWow64\winsh321 [2012.05.17 14:32:30 | 000,481,078 | ---- | C] () -- 
C:\Windows\SysWow64\winsh320 [2012.05.15 10:24:00 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.05.15 10:24:00 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.05.14 19:09:34 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.12 10:46:08 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.12 10:46:07 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.07 14:04:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.04.23 18:12:26 | 453,044,537 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.04.17 22:06:20 | 000,000,031 | ---- | C] () -- C:\Windows\DESKCALC.INI [2012.04.13 11:06:38 | 000,016,629 | ---- | C] () -- C:\Windows\LxFrame.ini [2012.04.13 11:01:21 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2012.03.29 19:08:34 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012.03.29 19:05:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.29 19:05:53 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.29 19:05:53 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.29 19:05:53 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.29 19:05:53 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.29 19:03:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.03.29 19:03:02 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.10.27 14:55:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\FKStampPainter20.dll ========== LOP Check ========== [2012.05.17 14:31:51 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Flwpnghm [2012.05.17 14:40:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\InfraRecorder [2012.04.13 11:34:25 | 
000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Lexware [2012.05.15 10:24:03 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Thunderbird [2012.04.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Windows Live Writer [2009.07.14 07:08:49 | 000,023,814 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ------------------------------------------------------------------------ OTL Logfile: Code:
OTL Extras logfile created on: 17.05.2012 16:52:16 - Run 2 OTL by OldTimer - Version 3.2.43.0
player\wmpnetwk.exe | "{FCD4BB4C-01FB-4480-96C7-6ABB7588958D}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0\app\starmoney.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{2E290305-56EB-4F91-A7A4-8EB9C6AAA0C3}" = Lexware warenwirtschaft pro Servicepack Systemdatum 2009 
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{34D99953-2606-432C-AEE7-B391C6C68474}" = Lexware warenwirtschaft pro 2009 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F66CF90-778F-49CB-A320-43919B73A156}" = Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50 "{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service "{5B12C1F2-A0BC-40E8-97F8-A4854C5F494E}" = StarMoney "{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins "{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{7016EC53-EE81-42B6-B4FF-18BB103B0AA3}" = Lexware warenwirtschaft pro Servicepack Mai 2009, Version 9.50 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7895E7FF-C210-4C01-88EB-8B902140B22D}" = StarMoney "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B398F256-CA15-4D8D-BCF1-DCAFF000198D}" = 
Lexware warenwirtschaft pro 2009
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CD1C148D-4E12-4D5E-935A-84D6603D1D08}" = StarMoney 8.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5BB8FAD-2BA1-4BA5-A5B5-607676118C47}" = Lexware warenwirtschaft pro Servicepack Systemdatum 2009
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"InfraRecorder" = InfraRecorder
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MSC" = McAfee Total Protection
"Picasa 3" = Picasa 3
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.05.2012 08:50:35 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description =
Error - 17.05.2012 08:52:07 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 08:52:41 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description =
Error - 17.05.2012 09:22:30 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description =
Error - 17.05.2012 09:24:03 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 09:24:39 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description =
Error - 17.05.2012 09:31:47 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 09:36:31 | Computer Name = Hans-PC | Source = SignInAssistant | ID = 0
Description =
Error - 17.05.2012 09:38:07 | Computer Name = Hans-PC | Source = WinMgmt | ID = 10
Description =
Error - 17.05.2012 10:17:52 | Computer Name = Hans-PC | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "SMB 2.0 MiniRedirector" service depends on the "SMB MiniRedirector Wrapper and Engine" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "NLA (Network Location Awareness)" service depends on the "Network Store Interface Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "McAfee McShield" service depends on the "McAfee Validation Trust Protection Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "McAfee Firewall Core Service" service depends on the "McAfee Validation Trust Protection Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "McAfee Anti-Spam Service" service depends on the "McAfee Firewall Core Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "McAfee Proxy Service" service depends on the "McAfee Firewall Core Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
Error - 17.05.2012 09:34:17 | Computer Name = Hans-PC | Source = DCOM | ID = 10005
Description =
Error - 17.05.2012 09:34:58 | Computer Name = Hans-PC | Source = DCOM | ID = 10005
Description =
Error - 17.05.2012 09:36:28 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7009
Description = The timeout (30000 ms) was reached while attempting to connect to the StarMoney 8.0 OnlineUpdate service.

< End of report >
-------------------------------------------------------------------------
Ran CCleaner.
Oh, and neither McAfee nor any of the other security tools noticed that the email was a virus! Nor did t-online, which hosted the email account.
So I think that was everything... Many thanks in advance. Regards
Last edited by cross89 (17.05.2012 at 16:55) |
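The "Last 10 Event Log Errors" section of an OTL report is the quickest place to see what a ransomware infection (or the clean-up attempts that followed it) broke: repeated VSS 8194 errors mean shadow copies are not a reliable recovery path, and the Service Control Manager 7001/7026 entries show which security services and filter drivers did not come up. The script below is an added example by the editor, not part of the original post or of OTL; it parses entries in the OTL format and summarises them. The sample lines are constructed after the shape of the log above with the descriptions rendered in English, and the interpretation table (`INTERESTING`) is the editor's reading of the standard Windows event IDs, not something the log states.

```python
import re
from collections import Counter

# Constructed sample in the OTL "Last 10 Event Log Errors" layout (editor's sample,
# modelled on the log posted above; not the original file).
SAMPLE_OTL_EVENTS = """\
Error - 17.05.2012 08:52:41 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description =
Error - 17.05.2012 09:24:39 | Computer Name = Hans-PC | Source = VSS | ID = 8194
Description =
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7001
Description = The "McAfee McShield" service depends on the "McAfee Validation Trust Protection Service" service, which failed to start because of the following error: %%1068
Error - 17.05.2012 09:30:13 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
Error - 17.05.2012 09:36:28 | Computer Name = Hans-PC | Source = Service Control Manager | ID = 7009
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the StarMoney 8.0 OnlineUpdate service.
"""

# One OTL event header line: "Error - <dd.mm.yyyy hh:mm:ss> | Computer Name = X | Source = Y | ID = N"
EVENT_RE = re.compile(
    r"^Error - (?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = (?P<host>[^|]+?) "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)

# Editor's assumption: meanings of the event IDs that matter in a ransomware triage,
# based on their standard Windows definitions.
INTERESTING = {
    ("VSS", 8194): "Volume Shadow Copy error: shadow copies may be unusable for file recovery",
    ("Service Control Manager", 7001): "dependency failure: security services did not start",
    ("Service Control Manager", 7026): "boot/system-start drivers failed to load (AV filter drivers included)",
}


def parse_otl_events(text):
    """Parse OTL event entries into dicts. A 'Description =' line that follows an
    entry is attached to that entry (it is empty for many sources)."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append({"ts": m["ts"], "host": m["host"], "source": m["source"],
                           "id": int(m["id"]), "description": ""})
        elif line.startswith("Description =") and events:
            events[-1]["description"] = line[len("Description ="):].strip()
    return events


def triage(events):
    """Return (counts per (source, id), human-readable findings, drivers named in 7026)."""
    counts = Counter((e["source"], e["id"]) for e in events)
    findings = []
    for (source, eid), n in sorted(counts.items()):
        if (source, eid) in INTERESTING:
            findings.append(f"{source} {eid} x{n}: {INTERESTING[(source, eid)]}")
    # 7026 lists the failed drivers after the colon; collect them so AV/firewall
    # filter drivers (here mfehidk, mfenlfk, MOBKFilter) can be spotted at a glance.
    failed_drivers = []
    for e in events:
        if (e["source"], e["id"]) == ("Service Control Manager", 7026):
            failed_drivers.extend(e["description"].split(":", 1)[-1].split())
    return counts, findings, failed_drivers


if __name__ == "__main__":
    evs = parse_otl_events(SAMPLE_OTL_EVENTS)
    counts, findings, drivers = triage(evs)
    for f in findings:
        print(f)
    print("failed drivers:", " ".join(drivers))
```

Run it against the whole "Last 10 Event Log Errors" block of a real OTL report by reading the file into `parse_otl_events`; the counts make it obvious when an error repeats on every boot rather than once.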
17.05.2012, 16:48 | #2 |
/// Malware-holic | Ukash Virus Hi,
I am interested in mails like this, with invoices, payment reminders and other attachments from unknown senders. If you use a mail program, select the mail, right-click, "Save as", set the type to .eml. Then send a mail to: http://markusg.trojaner-board.de and attach the file you just created. If you read your mail in the browser, tell me which provider you use; then it works a bit differently. Please warn friends, acquaintances, relatives etc. about this scam, and feel free to pass this mail address on to them. They can then send such suspicious mails there. These help us respond appropriately to new threats; since this malware also receives updates, that is important. Which programs did you disable in msconfig? What is the file naming scheme of the encrypted files?
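The reply above asks for the lure mail saved as .eml. Before forwarding one (or when triaging one yourself), it is worth extracting the attachments and recording their hashes and a few risk indicators, so the analyst gets the sample and its identity in one go. The script below is an added example by the editor, not part of the post or of the markusg instructions; it uses only the Python standard library `email` package. The message is constructed for the example: the sender, subject and attachment name are placeholders in the style of the lure, and the attachment body is a 48-byte DOS header stub, not malware.

```python
import hashlib
from email import message_from_bytes
from email.policy import default

# Constructed sample .eml (editor's placeholder, not the mail from the thread): an
# "invoice" lure carrying a double-extension executable. The base64 body decodes to
# the first 48 bytes of a DOS/PE header (starts with "MZ"), nothing executable.
SAMPLE_EML = b"""\
From: billing@example.invalid
To: victim@example.invalid
Subject: Artikelerwerb 0000000000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice is attached.
--b1
Content-Type: application/octet-stream; name="Rechnung.pdf.exe"
Content-Disposition: attachment; filename="Rechnung.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Extensions Windows will execute when double-clicked (editor's list, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
             ".vbs", ".vbe", ".wsf", ".hta", ".lnk"}
ARCHIVE_EXT = {".zip", ".rar", ".7z"}


def attachment_report(raw_eml: bytes) -> dict:
    """Parse an RFC 5322 message and describe every attachment: name, size,
    SHA-256 and the indicators a triage analyst looks at first."""
    msg = message_from_bytes(raw_eml, policy=default)
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # all extensions in the name, e.g. "Rechnung.pdf.exe" -> [".pdf", ".exe"]
        exts = ["." + e for e in name.lower().split(".")[1:]]
        flags = []
        if exts and exts[-1] in RISKY_EXT:
            flags.append("executable extension")
        if len(exts) >= 2:
            flags.append("double extension")
        if exts and exts[-1] in ARCHIVE_EXT:
            flags.append("archive: inspect contents")
        # Judge the bytes, not the name: a PE file renamed to .pdf still starts with MZ.
        if data[:2] == b"MZ":
            flags.append("PE header (MZ) regardless of name")
        attachments.append({
            "filename": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "flags": flags,
        })
    return {"from": msg["From"], "subject": msg["Subject"], "attachments": attachments}


if __name__ == "__main__":
    report = attachment_report(SAMPLE_EML)
    print(f"From: {report['from']}  Subject: {report['subject']}")
    for a in report["attachments"]:
        print(f"  {a['filename']}  {a['size']} bytes  sha256={a['sha256']}")
        for f in a["flags"]:
            print(f"    - {f}")
```

To use it on a saved mail, read the .eml file in binary mode and pass the bytes to `attachment_report`. The hash is what to quote when asking whether a sample is already known; the flags are the reasons to treat it as hostile before any scanner has a signature for it, which is exactly the situation described in this thread.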
17.05.2012, 17:30 | #3 |
| Ukash Virus Thunderbird was disabled completely... and the emails encrypted or something...
The provider is T-online.de. I disabled the following in msconfig, because I had not installed them or considered the function suspicious. Disabled services: all Google services, 1% of McAfee, Microsoft Software Shadow Copy Provider, Thread Ordering Server, Volume Shadow Copy. Disabled startup programs: Code::Blocks from The Code::Blocks Team and swg, a Google toolbar program. I also noticed that Task Manager and the Registry have been disabled! I would really appreciate some help! Naming scheme of the encrypted files: e.g. AsEUotlOtjfLuXqGqVsOf or EdjdqOerGyxAJlLVEragf, all garbled names... This was an important office PC whose data is now encrypted... If I can decrypt the files, a backup will be made immediately and then the machine will be formatted! Many thanks in advance. Regards
Last edited by cross89 (17.05.2012 at 17:37) |
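The post above gives the two facts that let you scope the damage: the encrypted files were renamed to runs of mixed-case letters with no extension, and their contents are unreadable. Scoping comes before any recovery decision (and before the planned format), because you need the list of affected files and a check that the name pattern alone is not misleading. The script below is an added example by the editor, not code from the forum or from any tool named in the thread; it combines the reported name pattern with the byte entropy of each file's first 4 KiB, so that a random-looking name on a plain file is not counted as encrypted. The length bounds in the regex (18 to 24 letters) are the editor's assumption derived from the two 21-character names posted, not a specification of the malware, and the sample directory it scans is constructed on the spot.

```python
import math
import os
import re
import tempfile
from collections import Counter

# Name pattern as reported in the thread: a run of mixed-case letters, no extension.
# Assumption (editor's): the 18-24 length bounds are derived from the two posted
# examples (21 characters each), not from a specification of the malware.
RENAMED_RE = re.compile(r"^[A-Za-z]{18,24}$")
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted or compressed data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str, sample_size: int = 4096) -> dict:
    """Combine two independent indicators: the rename pattern and the entropy of the
    first sample_size bytes. Each alone gives false positives (a random-looking name on
    a plain file; a legitimately compressed file with a normal name)."""
    with open(path, "rb") as f:
        head = f.read(sample_size)
    name = os.path.basename(path)
    ent = shannon_entropy(head)
    name_hit = bool(RENAMED_RE.match(name))
    entropy_hit = ent >= ENTROPY_THRESHOLD
    if name_hit and entropy_hit:
        verdict = "likely encrypted by ransomware"
    elif name_hit or entropy_hit:
        verdict = "one indicator only, review manually"
    else:
        verdict = "no indicator"
    return {"name": name, "entropy": round(ent, 3), "name_hit": name_hit,
            "entropy_hit": entropy_hit, "verdict": verdict}


def scan_tree(root: str) -> dict:
    """Walk a directory tree and return {filename: classification} for every file."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            results[fn] = classify_file(os.path.join(dirpath, fn))
    return results


def build_sample_tree() -> str:
    """Create a constructed sample directory (editor's test data, not files from the
    affected machine) covering the three cases the classifier must tell apart."""
    root = tempfile.mkdtemp(prefix="ukash_triage_")
    # 1) renamed and random content: what an encrypted office file looks like
    with open(os.path.join(root, "AsEUotlOtjfLuXqGqVsOf"), "wb") as f:
        f.write(os.urandom(4096))
    # 2) renamed but low-entropy content: the name alone must not convict
    with open(os.path.join(root, "EdjdqOerGyxAJlLVEragf"), "wb") as f:
        f.write(b"A" * 4096)
    # 3) ordinary text file with an ordinary name
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"Meeting notes: invoices due on Friday.\n" * 100)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for name, r in sorted(scan_tree(root).items()):
        print(f"{name:24} entropy={r['entropy']:.3f}  {r['verdict']}")
```

Point `scan_tree` at the user's data directories (not the system drive) and export the "likely encrypted" list before touching anything; that list is also what to hand to whoever assesses whether a decryptor exists for this family. Note that the poster disabled the Volume Shadow Copy service during clean-up and the log shows VSS errors, so previous-version recovery should be checked early rather than assumed.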
22.05.2012, 18:52 | #4 |
/// Malware-holic | Ukash Virus
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails according to the instructions above to markusg.trojaner-board@web.de. If you would like to support us |