Plagegeister aller Art und deren Bekämpfung: gvu / ukash-trojaner | Windows 7

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
04.08.2012, 23:18 | #1

gvu / ukash-trojaner

Hello, I have now fallen victim to the Ukash trojan for the second time, this time in a different version (is it already known?), see attachment. What can/should I do? Thanks in advance for the help, flo.
05.08.2012, 01:35 | #2

/// Helfer-Team | gvu / ukash-trojaner

From a clean PC, download OTL.exe onto a USB stick. Start the infected machine without an Internet connection. Copy OTL.exe to the desktop and create a log. System scan with OTL (illustrated guide)
06.08.2012, 09:24 | #3

gvu / ukash-trojaner

OK, done. Here are the logfiles:

otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 06.08.2012 10:09:08 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\flo\Desktop Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,48% Memory free 3,84 Gb Paging File | 2,81 Gb Available in Paging File | 73,12% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 18,62 Gb Total Space | 0,90 Gb Free Space | 4,85% Space Free | Partition Type: NTFS Drive D: | 18,63 Gb Total Space | 1,03 Gb Free Space | 5,55% Space Free | Partition Type: NTFS Drive F: | 1,81 Gb Total Space | 0,43 Gb Free Space | 23,65% Space Free | Partition Type: FAT Drive I: | 931,51 Gb Total Space | 352,44 Gb Free Space | 37,84% Space Free | Partition Type: NTFS Drive M: | 7,40 Gb Total Space | 7,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32 Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) PRC - C:\Programme\Join Air\UIExec.exe () PRC - C:\Programme\Join Air\AssistantServices.exe () PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP) PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.) PRC - C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tcserver.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\tabtip.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\keyboardsurrogate.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) PRC - C:\Programme\Adobe\Adobe Photoshop CS2\Photoshop.exe (Adobe Systems, Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp () MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp () MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\abby0_tar.exe () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - c:\windows\assembly\nativeimages1_v1.0.3705\system\1.0.3300.0__b77a5c561934e089_9b74dfc2\system.dll () MOD - 
c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_9c17092b\mscorlib.dll () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - c:\windows\assembly\gac\system\1.0.3300.0__b77a5c561934e089\system.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\GAC\SoftKeyboardLogic\1.7.2600.5512__31bf3856ad364e35\SoftKeyboardLogic.dll () MOD - C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.SoftKeyboardInterface\1.7.2600.5512__31bf3856ad364e35\Interop.SoftKeyboardInterface.dll () MOD - c:\windows\assembly\gac\interop.tipcomponents\1.7.2600.2180__31bf3856ad364e35\interop.tipcomponents.dll () MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.3300.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Join Air\UIExec.exe () MOD - C:\Programme\Join Air\AssistantServices.exe () MOD - C:\WINDOWS\system32\HP1100LM.DLL () MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\system32\sfklg.dll () MOD - C:\Programme\Exifer\ExiferShellExt.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 
(Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe () SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP) SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.) SRV - (hasplms) -- C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.) 
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (Mnlicnxdmw) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found DRV - (ajt0mnte) -- File not found DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found DRV - (omyivm) -- C:\WINDOWS\system32\drivers\psma.sys () DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys () DRV - (mvusbews) -- C:\WINDOWS\system32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.) 
DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys () DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (ATSWPDRV) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (GTIPCI21) -- C:\WINDOWS\system32\drivers\gtipci21.sys (Texas Instruments) DRV - (wisdpen) -- C:\WINDOWS\system32\drivers\wisdpen.sys (Wacom Technology) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (CLEDX) -- C:\WINDOWS\system32\drivers\cledx.sys (Team H2O) DRV - (Ca536av) -- C:\WINDOWS\system32\drivers\Ca536av.sys (Digital Camera) DRV - (USBCamera) -- C:\WINDOWS\system32\drivers\Bulk536.sys (USB BULK) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0" FF - prefs.js..network.proxy.backup.ftp_port: "" FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: "" FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: "" FF - prefs.js..network.proxy.ftp: "10.1.0.0" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "10.1.0.0" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080" FF - prefs.js..network.proxy.share_proxy_settings: true FF - 
prefs.js..network.proxy.socks: "10.1.0.0" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "10.1.0.0" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\DOKUME~1\flo\ANWEND~1\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2011.03.16 14:01:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_10.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_10.0 FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.31 13:37:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.21 00:29:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.29 11:24:00 | 000,000,000 | ---D | M] [2011.03.15 13:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Extensions [2012.08.05 10:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions [2011.11.23 01:59:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.08.02 22:10:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.03.16 01:29:10 | 000,002,062 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Mozilla\Firefox\Profiles\h2h6cuos.default\searchplugins\qip-search.xml [2012.03.20 10:17:12 | 000,000,000 | 
---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.10 17:47:36 | 000,292,116 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI [2012.01.21 00:49:31 | 000,025,781 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FLO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\H2H6CUOS.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI [2012.07.31 13:37:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.03.06 01:16:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.09.23 15:41:48 | 002,557,440 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFp530.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv522.dll [2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\mozilla firefox\plugins\NpFv530.dll [2012.06.25 10:38:46 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.25 10:38:46 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.25 10:38:46 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.25 10:38:46 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.25 10:38:46 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.25 10:38:46 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.11 03:52:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - 
C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UIExec] C:\Programme\Join Air\UIExec.exe () O4 - HKCU..\Run: [Infium] "C:\Programme\QIP 2012\qip.exe" /autorun File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html () O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1112610A-13BC-453D-BD87-A101219290C4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (sfklg.dll) - C:\WINDOWS\System32\sfklg.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\loginkey: DllName - (C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll) - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - 
Desktop WallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 0 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.06 10:08:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe [2012.08.06 01:58:50 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [2012.07.08 18:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.07.08 18:35:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Canneverbe Limited [2012.07.08 18:35:00 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP [2012.04.22 00:28:39 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programme\UPI32.dll [2012.04.22 00:28:36 | 000,674,664 | ---- | C] (Autodesk, Inc.) -- C:\Programme\SetupUi.dll [2012.04.22 00:28:35 | 000,672,616 | ---- | C] (Autodesk, Inc.) -- C:\Programme\SetupAcadUi.dll [2012.04.22 00:28:30 | 001,049,240 | ---- | C] (Autodesk, Inc.) -- C:\Programme\PatchMgr.dll [2012.04.22 00:28:26 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcr90.dll [2012.04.22 00:28:25 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcp90.dll [2012.04.22 00:28:24 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcm90.dll [2012.04.22 00:28:18 | 000,106,344 | ---- | C] (Autodesk, Inc.) 
-- C:\Programme\LiteHtml.dll [2012.04.22 00:28:15 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Programme\gdiplus.dll [2012.04.22 00:28:13 | 000,550,248 | ---- | C] (Autodesk, Inc.) -- C:\Programme\DeployUi.dll [2012.04.22 00:27:26 | 000,182,632 | ---- | C] (Autodesk) -- C:\Programme\adlmutil.dll [2012.04.22 00:27:25 | 001,245,032 | ---- | C] (Autodesk) -- C:\Programme\adlmPIT.dll [2012.04.22 00:27:03 | 000,087,704 | ---- | C] (Autodesk, Inc.) -- C:\Programme\AcSetup.dll [2012.04.22 00:25:56 | 000,451,944 | ---- | C] (Autodesk, Inc.) -- C:\Programme\setup.exe [2012.04.22 00:23:56 | 000,161,640 | ---- | C] (Autodesk, Inc.) -- C:\Programme\AcDelTree.exe [2011.04.02 18:11:02 | 000,818,176 | ---- | C] (Image-Line) -- C:\Programme\Kopie von FL Studio VSTi.dll [2011.03.16 14:36:36 | 000,092,064 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdm.sys [2011.03.16 14:36:36 | 000,079,328 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmserd.sys [2011.03.16 14:36:36 | 000,066,656 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmbus.sys [2011.03.16 14:36:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermptxp.sys [2011.03.16 14:36:36 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\flo\usbsermpt.sys [2011.03.16 14:36:36 | 000,009,232 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmmdfl.sys [2011.03.16 14:36:36 | 000,006,208 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcmnt.sys [2011.03.16 14:36:36 | 000,005,936 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmwhnt.sys [2011.03.16 14:36:36 | 000,004,048 | ---- | C] (MCCI) -- C:\Dokumente und Einstellungen\flo\mqdmcr.sys [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.06 10:16:44 | 043,882,460 | ---- | M] () -- C:\WINDOWS\System32\sfklg.dat [2012.08.06 09:58:42 | 000,596,480 | ---- | M] (OldTimer 
Tools) -- C:\Dokumente und Einstellungen\flo\Desktop\OTL.exe [2012.08.06 09:40:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 09:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.08.06 08:43:54 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.06 07:40:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.08.06 01:58:30 | 000,001,014 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Desktop\Dropbox.lnk [2012.08.05 13:56:48 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk [2012.08.05 13:56:47 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\psma.sys [2012.08.05 10:21:25 | 000,449,782 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.08.05 10:21:25 | 000,433,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.08.05 10:21:25 | 000,080,750 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.08.05 10:21:25 | 000,068,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.08.05 10:19:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.05 10:19:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.05 00:45:31 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad [2012.08.05 00:42:40 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.04 22:35:47 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.08.04 22:35:47 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.08.02 18:20:26 | 000,000,782 | ---- | M] () -- C:\WINDOWS\Sam9_D.INI [2012.07.23 18:57:37 | 000,224,816 | ---- | M] () -- 
C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.23 06:47:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.09 18:16:03 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4 [2012.07.09 18:16:03 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2 [2012.07.09 18:16:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3 [2012.07.09 18:16:03 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1 [2012.07.09 18:16:03 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7 [2012.07.09 18:16:03 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5 [2012.07.09 18:16:03 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0 [2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9 [2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8 [2012.07.09 18:16:03 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10 [2012.07.09 18:16:03 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6 [2012.07.08 18:35:02 | 000,001,576 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.05 13:56:47 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\psma.sys [2012.08.05 00:07:52 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad [2012.08.05 00:07:52 | 000,001,608 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk [2012.07.08 18:35:02 | 000,001,576 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CDBurnerXP.lnk [2012.07.08 18:35:02 | 000,001,520 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CDBurnerXP.lnk [2012.07.08 18:35:01 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.04.25 15:07:32 | 000,340,480 | ---- | C] () -- C:\WINDOWS\System32\K8062e.exe [2012.04.25 15:07:32 
| 000,322,048 | ---- | C] () -- C:\WINDOWS\System32\Easylase.dll [2012.04.25 15:07:32 | 000,301,056 | ---- | C] () -- C:\WINDOWS\System32\usbdmxfs.dll [2012.04.25 15:07:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usb_dll.dll [2012.04.25 15:07:32 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\DMX510Vb.dll [2012.04.25 15:07:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dashardvb.dll [2012.04.25 15:07:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\EspionDll.dll [2012.04.25 15:07:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx60.dll [2012.04.25 15:07:32 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\dmx120.dll [2012.04.25 15:07:32 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll [2012.04.25 15:07:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\LPT_dmx.dll [2012.04.25 15:07:32 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MPUSBAPI.DLL [2012.04.25 15:07:32 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\usbdmxsi.dll [2012.04.25 15:07:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FASTTime32.dll [2012.04.25 15:07:32 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\dlportio.sys [2012.04.25 15:07:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\inpout32.dll [2012.04.22 00:23:56 | 000,000,043 | ---- | C] () -- C:\Programme\autorun.inf [2012.04.22 00:23:54 | 000,015,331 | ---- | C] () -- C:\Programme\Setup.ini [2012.03.28 08:01:39 | 043,882,460 | ---- | C] () -- C:\WINDOWS\System32\sfklg.dat [2012.03.15 00:53:11 | 000,001,634 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2012.03.15 00:41:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT [2012.03.08 12:55:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.03.08 12:55:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.03.08 12:55:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.03.08 12:55:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.03.08 12:55:57 | 000,068,096 | 
---- | C] () -- C:\WINDOWS\zip.exe [2012.03.07 12:11:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.11 23:45:10 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins002.exe [2012.02.11 23:45:10 | 000,002,292 | ---- | C] () -- C:\WINDOWS\unins002.dat [2012.02.11 23:27:43 | 000,715,038 | ---- | C] () -- C:\WINDOWS\unins001.exe [2012.02.11 23:27:43 | 000,002,368 | ---- | C] () -- C:\WINDOWS\unins001.dat [2012.02.11 23:23:20 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe [2012.02.11 23:23:20 | 000,000,898 | ---- | C] () -- C:\WINDOWS\unins000.dat [2012.02.11 12:27:27 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier [2012.02.10 13:59:03 | 000,000,444 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini [2012.01.14 18:00:00 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat [2012.01.14 17:59:31 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Crypkey.ini [2012.01.14 17:59:27 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe [2012.01.14 17:59:27 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys [2012.01.14 17:59:27 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll [2012.01.14 17:59:27 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe [2012.01.14 17:58:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys [2011.12.23 13:24:51 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011.12.23 09:33:11 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2011.09.12 20:43:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2011.09.12 20:43:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2011.09.12 20:43:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2011.08.05 13:24:02 | 000,000,030 | ---- | C] () -- 
C:\Programme\Exiferupdate.ini [2011.07.28 19:23:36 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE [2011.07.28 19:23:36 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL [2011.07.28 19:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\mvusbews.dll [2011.07.28 19:22:57 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll [2011.07.18 17:14:01 | 000,284,160 | ---- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll [2011.06.21 11:11:53 | 000,008,424 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2011.04.11 21:56:57 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2011.04.06 17:01:20 | 000,030,461 | ---- | C] () -- C:\WINDOWS\snap099.dat [2011.04.06 17:01:20 | 000,029,565 | ---- | C] () -- C:\WINDOWS\snap098.dat [2011.04.06 17:01:20 | 000,028,669 | ---- | C] () -- C:\WINDOWS\snap097.dat [2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap095.dat [2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap094.dat [2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap093.dat [2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap090.dat [2011.04.06 17:01:20 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap089.dat [2011.04.06 17:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap096.dat [2011.04.06 17:01:20 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap092.dat [2011.04.06 17:01:20 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap091.dat [2011.04.06 17:01:19 | 000,027,773 | ---- | C] () -- C:\WINDOWS\snap088.dat [2011.04.06 17:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap087.dat [2011.04.06 17:01:19 | 000,026,877 | ---- | C] () -- C:\WINDOWS\snap086.dat [2011.04.06 17:01:19 | 000,025,981 | ---- | C] () -- C:\WINDOWS\snap085.dat [2011.04.06 17:01:19 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap084.dat [2011.04.06 17:01:19 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap083.dat [2011.04.06 17:01:19 | 000,023,293 | ---- | C] () -- 
C:\WINDOWS\snap082.dat [2011.04.06 17:01:19 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap081.dat [2011.04.06 17:01:19 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap080.dat [2011.04.06 17:01:19 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap079.dat [2011.04.06 17:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap078.dat [2011.04.06 17:01:19 | 000,019,709 | ---- | C] () -- C:\WINDOWS\snap077.dat [2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap072.dat [2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap069.dat [2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap068.dat [2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap067.dat [2011.04.06 17:01:18 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap066.dat [2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap073.dat [2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap071.dat [2011.04.06 17:01:18 | 000,023,293 | ---- | C] () -- C:\WINDOWS\snap070.dat [2011.04.06 17:01:18 | 000,022,397 | ---- | C] () -- C:\WINDOWS\snap074.dat [2011.04.06 17:01:18 | 000,021,501 | ---- | C] () -- C:\WINDOWS\snap075.dat [2011.04.06 17:01:18 | 000,020,605 | ---- | C] () -- C:\WINDOWS\snap076.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap061.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap060.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap059.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap058.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap057.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap055.dat [2011.04.06 17:01:17 | 000,025,085 | ---- | C] () -- C:\WINDOWS\snap053.dat [2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap065.dat [2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap064.dat [2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap063.dat 
[2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap062.dat [2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap056.dat [2011.04.06 17:01:17 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap054.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap052.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap051.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap050.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap049.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap048.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap047.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap046.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap045.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap044.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap043.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap042.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap041.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap040.dat [2011.04.06 17:01:16 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap039.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap038.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap037.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap036.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap035.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap034.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap033.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap032.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap031.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap030.dat [2011.04.06 17:01:15 | 
000,024,189 | ---- | C] () -- C:\WINDOWS\snap029.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap028.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap027.dat [2011.04.06 17:01:15 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap026.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap025.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap024.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap023.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap022.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap021.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap020.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap019.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap018.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap017.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap016.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap015.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap014.dat [2011.04.06 17:01:14 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap013.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap012.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap011.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap010.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap009.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap008.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap007.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap006.dat [2011.04.06 17:01:13 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap005.dat [2011.04.06 17:00:41 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap004.dat [2011.04.06 17:00:41 | 000,024,189 | ---- | C] 
() -- C:\WINDOWS\snap003.dat [2011.04.06 17:00:30 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap002.dat [2011.04.06 17:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap001.dat [2011.04.06 17:00:29 | 000,024,189 | ---- | C] () -- C:\WINDOWS\snap000.dat [2011.04.06 16:58:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll [2011.04.06 16:58:25 | 000,002,042 | ---- | C] () -- C:\WINDOWS\Ca536a.ini [2011.03.23 20:39:32 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini [2011.03.23 20:39:32 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini [2011.03.23 20:39:18 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2011.03.23 19:39:14 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe [2011.03.21 18:04:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Kopie von musicmaker.INI [2011.03.21 17:16:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musicmaker.INI [2011.03.21 17:13:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2011.03.21 16:54:10 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2011.03.20 00:57:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.18 10:55:30 | 000,000,782 | ---- | C] () -- C:\WINDOWS\Sam9_D.INI [2011.03.18 10:51:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2011.03.18 10:51:19 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2011.03.18 10:48:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2011.03.16 14:36:36 | 000,009,913 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_MDM.INF [2011.03.16 14:36:36 | 000,009,232 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_BRIT.INF [2011.03.16 14:36:36 | 000,007,201 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000.INF [2011.03.16 14:36:36 | 000,006,989 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_BUS.INF [2011.03.16 14:36:36 | 000,006,141 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USBMOT2000XP.INF 
[2011.03.16 14:36:36 | 000,005,960 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_MOT_A1000.INF [2011.03.16 14:36:36 | 000,005,880 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\USB_CMCS_2000.INF [2011.03.16 14:36:36 | 000,004,477 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\MCCI_SDM.INF [2011.03.16 01:09:20 | 000,052,224 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.15 13:42:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.03.15 03:28:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2011.03.15 02:19:29 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.03.15 02:14:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011.03.15 02:04:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2011.03.15 01:41:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.03.15 01:40:35 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD < End of report > extras.txt OTL Logfile: Code:
OTL Extras logfile created on: 06.08.2012 10:09:08 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Dokumente und Einstellungen\flo\Desktop
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,48% Memory free
3,84 Gb Paging File | 2,81 Gb Available in Paging File | 73,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,62 Gb Total Space | 0,90 Gb Free Space | 4,85% Space Free | Partition Type: NTFS
Drive D: | 18,63 Gb Total Space | 1,03 Gb Free Space | 5,55% Space Free | Partition Type: NTFS
Drive F: | 1,81 Gb Total Space | 0,43 Gb Free Space | 23,65% Space Free | Partition Type: FAT
Drive I: | 931,51 Gb Total Space | 352,44 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive M: | 7,40 Gb Total Space | 7,40 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: FLOPTOP | User Name: flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE" = C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE:*:Enabled:1&1 SoftPhone -- (1&1 Internet AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\QIP\qip.exe" = C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Programme\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Programme\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Programme\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Programme\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\flo\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"D:\FreeStyler\FreeStyler512.exe" = D:\FreeStyler\FreeStyler512.exe:*:Enabled:FreeStyler512 "C:\Programme\QIP 2012\qip.exe" = C:\Programme\QIP 2012\qip.exe:*:Enabled:QIP 2012 ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2 "{09266808-537A-43C1-8B4D-D411169F1E3B}" = Garmin Training Center "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{27237DBF-81A7-4569-908C-48427460B7BA}" = The Panorama Factory V5 m32 Edition "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology "{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = TIPCI "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 
Redistributable "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003 "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A14F7508-B784-40B8-B11A-E0E2EEB7229F}" = Adobe Premiere Pro 1.5 "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FFB6614F-6E61-4831-BF71-51633A718B18}" = Nitro Reader 2 "1&1 SmartFax" = 1&1 SmartFax "1&1 SoftPhone" = 1&1 SoftPhone "3D4You22 2009_is1" = 3D4You22 2009 "4.0M MPEG4 DV" = 4.0M MPEG4 DV "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "ALZip_is1" = ALZip "AsfTools 3.1" = AsfTools 3.1 (remove only) "ASIO4ALL" = ASIO4ALL "Avidemux 2.5" = Avidemux 2.5 "Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1406 "CamStudio" = CamStudio "CANONBJ_Deinstall_CNMCP58.DLL" = Canon i560 "CDex" = CDex - Open Source Digital Audio CD Extractor "Exifer_is1" = Exifer "Feurio" = Feurio! 
CD-Writer
"ffdshow_is1" = ffdshow [rev 2202] [2008-10-10]
"FL Studio 9" = FL Studio 9
"Flatcast Producer 5.3_is1" = Flatcast Producer Plugin 5.3.0.784
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"GPL Ghostscript 9.05" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hippsoft hsWebCam_is1" = Hippsoft hsWebCam 1.09.0000
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"HS2_is1" = Steinberg Hypersonic 2
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"InstallShield_{48CF6549-B45D-4313-9927-EFCCC8A3493F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"ONENOTE" = Microsoft Office OneNote 2007
"Orbit_is1" = Orbit Downloader
"Samplitude SE No.9 D" = Samplitude SE No.9 9.1.1.1 (D)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.1.7
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WacomPenabled" = Wacom Pen Driver 2.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"QIP 2005" = QIP 2005 8095

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28.07.2012 14:35:02 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 28.07.2012 15:13:41 | Computer Name = FLOPTOP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 29.07.2012 07:26:59 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nitro_pipassistant.exe, Version 2.3.1.7, fehlgeschlagenes Modul msvcr100.dll, Version 10.0.40219.1, Fehleradresse 0x0008d6fd.

Error - 31.07.2012 14:35:33 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 02.08.2012 04:35:03 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 02.08.2012 10:35:17 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 02.08.2012 11:35:18 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 02.08.2012 15:35:02 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.268, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.

Error - 03.08.2012 00:43:53 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 14.0.1.4577, fehlgeschlagenes Modul npgarmin.dll, Version 3.0.1.0, Fehleradresse 0x004aa177.

Error - 04.08.2012 05:33:13 | Computer Name = FLOPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 14.0.1.4577, fehlgeschlagenes Modul npgarmin.dll, Version 3.0.1.0, Fehleradresse 0x004aa177.

[ OSession Events ]
Error - 15.03.2011 20:02:45 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 376 seconds with 360 seconds of active time. This session ended with a crash.

Error - 01.04.2011 15:02:01 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6927 seconds with 1200 seconds of active time. This session ended with a crash.

Error - 01.04.2011 15:02:20 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.04.2011 15:02:39 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16 seconds with 0 seconds of active time. This session ended with a crash.

Error - 01.04.2011 15:02:52 | Computer Name = FLOPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04.08.2012 05:19:58 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 04.08.2012 05:20:05 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet: %%2147500037

Error - 04.08.2012 11:49:56 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 04.08.2012 11:50:02 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet: %%2147500037

Error - 04.08.2012 16:08:09 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 04.08.2012 16:08:14 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet: %%2147500037

Error - 04.08.2012 18:12:15 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 04.08.2012 18:12:21 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet: %%2147500037

Error - 05.08.2012 04:19:47 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "4.0M MPEG4 DV Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 05.08.2012 04:19:57 | Computer Name = FLOPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "WMI-Leistungsadapter" wurde mit folgendem Fehler beendet: %%2147500037

< End of report > |
06.08.2012, 15:01 | #4 |
/// Helfer-Team | gvu / ukash-trojaner Fix with OTL. Download OTL from Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
:OTL
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Adobelm_Cleanup.0001.dir.0002\~df394b.tmp ()
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp ()
MOD - C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe ()
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (Mnlicnxdmw) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found
DRV - (appliandMP) -- system32\DRIVERS\appliand.sys File not found
DRV - (ajt0mnte) -- File not found
DRV - (AgereSoftModem) -- system32\DRIVERS\AGRSM.sys File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..network.proxy.backup.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.backup.ftp_port: ""
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: ""
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: ""
FF - prefs.js..network.proxy.ftp: "10.1.0.0"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "10.1.0.0"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.1.0.0"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.1.0.0"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O4 - HKCU..\Run: [Infium] "C:\Programme\QIP 2012\qip.exe" /autorun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 0
[2012.08.06 09:40:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 09:35:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.06 07:40:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 13:56:48 | 000,001,608 | ---- | M] () -- C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.05 00:45:31 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances run it on other computers; it can permanently damage other systems! |
06.08.2012, 20:43 | #5 |
| gvu / ukash-trojaner Code:
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Error: No service named Mnlicnxdmw was found to stop!
Service\Driver key Mnlicnxdmw not found.
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOKUME~1\flo\LOKALE~1\Temp\catchme.sys File not found not found.
Service appliandMP stopped successfully!
Service appliandMP deleted successfully!
File system32\DRIVERS\appliand.sys File not found not found.
Error: No service named ajt0mnte was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ajt0mnte deleted successfully.
File File not found not found.
Service AgereSoftModem stopped successfully!
Service AgereSoftModem deleted successfully!
File system32\DRIVERS\AGRSM.sys File not found not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: "about:blank" removed from browser.startup.homepage
Prefs.js: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.7 removed from extensions.enabledItems
Prefs.js: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 removed from extensions.enabledItems
Prefs.js: "10.1.0.0" removed from network.proxy.backup.ftp
Prefs.js: "" removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: "" removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: "" removed from network.proxy.backup.ssl_port
Prefs.js: "10.1.0.0" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "10.1.0.0" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, 10.3.0.64, 10.1.0.0/8080" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "10.1.0.0" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "10.1.0.0" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Infium deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rat_0ybba.pad moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\flo\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\flo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: flo
->Temp folder emptied: 27655285 bytes
->Temporary Internet Files folder emptied: 96522251 bytes
->Java cache emptied: 1288861 bytes
->FireFox cache emptied: 301543984 bytes
->Flash cache emptied: 40143 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1328790 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 409,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: flo
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.56.0 log created on 08062012_212024
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe not found!
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Temp\abby0_tar.exe not found!
[2012.08.06 21:37:50 | 008,405,015 | ---- | M] () C:\WINDOWS\temp\hlktmp : Unable to obtain MD5
Registry entries deleted on Reboot... |
07.08.2012, 13:48 | #6 |
/// Helfer-Team | gvu / ukash-trojaner Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Download AdwCleaner to your desktop. |
08.08.2012, 20:13 | #7 |
| gvu / ukash-trojaner The computer is running without problems. Malwarebytes Anti-Malware no longer finds anything. Here is the AdwCleaner log:
Code:
# AdwCleaner v1.800 - Logfile created 08/08/2012 at 21:11:35
# Updated 01/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : flo - FLOPTOP
# Running from : D:\downloads\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Dokumente und Einstellungen\flo\Anwendungsdaten\pdfforge
Folder Found : C:\Programme\Conduit
Folder Found : C:\Programme\Vuze_Remote
Folder Found : C:\Programme\Vuze_Remote

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Vuze_Remote
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Adobe\OpenCandy
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\eRightSoft\OpenCandy
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\Orbit\OpenCandy
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Vuze_Remote
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C2B137E4-563A-437D-AFFE-E5A047FA759C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93930591-E827-49E3-A4B6-1DCFBFBB2176}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C765ED3C-7D17-412E-BC07-02972B2AD53B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2787 octets] - [08/08/2012 21:11:35]

########## EOF - C:\AdwCleaner[R1].txt - [2915 octets] ########## |
08.08.2012, 20:19 | #8 |
/// Helfer-Team | gvu / ukash-trojaner Very good!
Next: Malware scan with Emsisoft Anti-Malware. Download the free version from => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Save the log file to the desktop with "Bericht speichern" and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html |
09.09.2012, 02:26 | #9 |
/// Helfer-Team | gvu / ukash-trojaner Missing feedback. Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |
09.09.2012, 16:10 | #10 |
| gvu / ukash-trojaner Sorry, I thought I had replied. Here is the AdwCleaner log:
Code:
# AdwCleaner v2.000 - Datei am 09/09/2012 um 09:38:27 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : flo - FLOPTOP
# Normaler Modus : Normal
# Ausgeführt unter : D:\downloads\adwcleaner(1).exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Dokumente und Einstellungen\flo\Anwendungsdaten\pdfforge
Ordner Gelöscht : C:\Programme\Conduit
Ordner Gelöscht : C:\Programme\Vuze_Remote

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKCU\Software\Vuze_Remote
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C2B137E4-563A-437D-AFFE-E5A047FA759C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\eRightSoft\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93930591-E827-49E3-A4B6-1DCFBFBB2176}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C765ED3C-7D17-412E-BC07-02972B2AD53B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7533B9D8-A1BC-4806-899A-D169C27F7373}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Schlüssel Gelöscht : HKLM\Software\Orbit\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Schlüssel Gelöscht : HKLM\Software\SweetIm
Schlüssel Gelöscht : HKLM\Software\Vuze_Remote
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v6.0.2900.5512

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [2916 octets] - [08/08/2012 21:11:35]
AdwCleaner[S1].txt - [4007 octets] - [09/09/2012 09:38:27]

########## EOF - C:\AdwCleaner[S1].txt - [4067 octets] ##########

Anti-Malware scan log:
Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 09.09.2012 09:55:23

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 09.09.2012 09:56:22

c:\windows\system32\sfklg.dll gefunden: Riskware.Monitor.Win32.Sfkeylogger.a!E2
c:\programme\rkfree gefunden: Trace.File.revealerkeylog!E1
c:\windows\system32\sfklg.dat gefunden: Trace.File.free keylogger 1.1!E1
c:\windows\system32\sfklgcp.exe gefunden: Trace.File.free keylogger 1.1!E1
Value: hkey_local_machine\software\microsoft\windows nt\currentversion\windows --> sfklg gefunden: Trace.Registry.free keylogger 1.1!E1
C:\_OTL.zip -> MovedFiles\03052012_234830\C_WINDOWS\system32\E13521A1E0A0CC59F69D.exe gefunden: Trojan.Win32.Yakes!E2
C:\_OTL\MovedFiles\08062012_212024\C_Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk gefunden: Trojan.LNK.Reveton!E2
C:\WINDOWS\assembly\GAC\Desktop.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0037774.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038774.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038804.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0038893.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037677.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037705.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037721.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037728.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037736.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037744.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP112\A0037756.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP111\A0037666.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037504.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037511.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037518.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037531.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037561.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037571.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037593.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP110\A0037626.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037269.exe gefunden: Trojan-Dropper.Win32.Injector!E2
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037432.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP109\A0037484.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000004.@ gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-21-1644491937-861567501-839522115-1003\$4326bb3558bc3f06d34f3e87218ccfcd\n gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\n gefunden: Trojan.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000000.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\80000032.@ gefunden: Trojan.Win32.Sirefef.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\000000cb.@ gefunden: Backdoor.Win32.ZAccess.AMN!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\L\00000004.@ gefunden: Rootkit.Win32.Sirefef!E2
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\U\00000008.@ gefunden: Trojan.Dropper.Win32.Miner.AMN!E1
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> zagruzische.class gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> pipka.class gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> farel.class gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> lipricon.class gefunden: Exploit.Java.CVE-2011!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> Atica.class gefunden: JAVA.Agent!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> New.class gefunden: Virus.Java.Exploit!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\48f2159b-30de4ca1 -> Third.class gefunden: JAVA.Agent!E2
D:\downloads\klg.exe -> $SYSDIR\sfklgcp.exe gefunden: not-a-virus:Monitor.Win32.Sfkeylogger!E2
D:\downloads\klg.exe -> $SYSDIR\sfklg.dll gefunden: not-a-virus:Monitor.Win32.Sfkeylogger.a!E2

Gescannt 604248
Gefunden 48

Scan Ende: 09.09.2012 17:06:57
Scan Zeit: 7:10:35 |
09.09.2012, 21:45 | #11 |
/// Helfer-Team | gvu / ukash-trojaner Quote:
You should rather have continued here. Bad news! You have more than one serious infection on your computer. http://www.trojaner-board.de/56634-rootkits.html It is compromised and no longer trustworthy. You should change all your passwords from a clean system. I strongly recommend disconnecting the PC from the network and reinstalling it. Guides for reinstalling (illustrated) > Windows 7 neu aufsetzen > Vista > XP
1. Data recovery:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it. |
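As an added triage example (not part of this thread, and not code from Emsisoft or from the trojaner-board helpers): a Python script that parses the "gefunden:" lines of an Emsisoft Anti-Malware log like the one posted above, sorts each hit into a malware family and into live object / restore-point copy / already-quarantined item, and applies the rule behind the helper's verdict in post #11: an active rootkit (here ZeroAccess/Sirefef living in RECYCLER and the GAC) means rebuild and change passwords from a clean machine, not clean-and-continue. The sample log is a constructed excerpt of the posted one; the family keywords and the live/quarantine heuristics are this example's own assumptions, not Emsisoft's classification.

```python
"""Triage an Emsisoft Anti-Malware scan log (added example, not from this thread).

Assumptions made here, not taken from Emsisoft or the forum:
  * detections appear as "<path> gefunden: <detection name>" (German UI);
  * the FAMILY_RULES keywords and the live/restore-point/quarantine split are our own;
  * a rootkit family found on a *live* path is what tips the verdict to "rebuild".
"""
import re
from collections import Counter

# Constructed excerpt of the log posted in this thread (7 of its 48 hits).
SAMPLE_LOG = r"""Emsisoft Anti-Malware - Version 6.6
Scan Beginn: 09.09.2012 09:56:22
c:\windows\system32\sfklg.dll gefunden: Riskware.Monitor.Win32.Sfkeylogger.a!E2
C:\WINDOWS\assembly\GAC\Desktop.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\System Volume Information\_restore{08B71889-4190-42E7-A07A-9202A9EEBDEB}\RP113\A0037774.ini gefunden: Backdoor.Win32.ZAccess!E1
C:\RECYCLER\S-1-5-18\$4326bb3558bc3f06d34f3e87218ccfcd\L\00000004.@ gefunden: Rootkit.Win32.Sirefef!E2
C:\_OTL\MovedFiles\08062012_212024\C_Dokumente und Einstellungen\flo\Startmenü\Programme\Autostart\ctfmon.lnk gefunden: Trojan.LNK.Reveton!E2
C:\Dokumente und Einstellungen\flo\Lokale Einstellungen\temp\jar_cache2738727237457515325.tmp -> pipka.class gefunden: Exploit.Java.CVE-2011!E2
D:\downloads\klg.exe -> $SYSDIR\sfklgcp.exe gefunden: not-a-virus:Monitor.Win32.Sfkeylogger!E2
Scan Ende: 09.09.2012 17:06:57
"""

# Non-greedy path, then the literal separator, then the rest of the line as the name
# (detection names may contain spaces, e.g. "Trace.File.free keylogger 1.1!E1").
DETECTION_RE = re.compile(r"^(?P<path>.+?) gefunden: (?P<name>.+)$")

# Keyword -> family, checked in order. Our own grouping, not the vendor's.
FAMILY_RULES = (
    (("sirefef", "zaccess", "rootkit"), "rootkit/ZeroAccess"),
    (("reveton",), "ransomware/Reveton"),
    (("exploit.java", "java."), "java-exploit"),
    (("keylogger", "monitor."), "monitoring-tool"),
)


def parse_detections(log_text):
    """Return [(path, detection_name)] for every 'gefunden:' line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("name")))
    return hits


def classify(name):
    """Map a detection name onto one of our families, or 'other'."""
    lowered = name.lower()
    for keywords, family in FAMILY_RULES:
        if any(k in lowered for k in keywords):
            return family
    return "other"


def location(path):
    """Live object, an old System Restore copy, or something OTL already moved away."""
    lowered = path.lower()
    if "\\_otl" in lowered:                       # OTL quarantine folder / archive
        return "quarantine"
    if "\\system volume information\\_restore" in lowered:
        return "restore-point"
    return "live"


def triage(log_text):
    """Summarise the log and give a verdict: rebuild if a rootkit family is live."""
    hits = parse_detections(log_text)
    by_family = Counter(classify(name) for _, name in hits)
    live_rootkit = any(
        classify(name) == "rootkit/ZeroAccess" and location(path) == "live"
        for path, name in hits
    )
    return {
        "total": len(hits),
        "by_family": by_family,
        "live_rootkit": live_rootkit,
        "recommendation": "rebuild" if live_rootkit else "clean-and-rescan",
    }


if __name__ == "__main__":
    for path, name in parse_detections(SAMPLE_LOG):
        print(f"{location(path):13} {classify(name):20} {path}")
    report = triage(SAMPLE_LOG)
    print(dict(report["by_family"]))
    print("recommendation:", report["recommendation"])
```

Restore-point and quarantine hits are kept in the count but deliberately do not drive the verdict: they are copies of malware that was already removed from its active location. What matters for the reinstall decision is the rootkit family on live paths, which is exactly the situation the helper describes in post #11.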
24.04.2013, 16:35 | #12 |
/// Helfer-Team | gvu / ukash-trojaner Missing feedback. Are there problems working through the instructions above? To free up capacity for other people seeking help, I am removing this topic from my notifications. If you want to continue, send me a PM or open a new topic. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |