
Log Analysis and Evaluation: Police Trojan 100euro Ukash

19.09.2012, 12:06   #1
Schnoizn

Police Trojan 100euro Ukash



Morning,

Since last night I have had a Trojan on my main user account that demands I pay 100€. It is not on my other account. Since I already had a similar pest once before, I wonder how I get rid of this one, because I had the AKS Trojan on both accounts. This time I don't know where I got it from, but I think it was hiding on my machine like a sleeper, since as a rule I only visit sites I don't know with Sandboxie. Well, because I was too lazy to do everything that was written here, I'm back again.
My fault, but hopefully one can only learn from stupidity.


I tried to scan with Malwarebytes twice, but got a bluescreen both times.

Now I have run OTL over it once, and here is the log file:




OTL logfile created on: 19.09.2012 12:52:08 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = C:\
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 56,37 Gb Free Space | 12,65% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,15 Gb Free Space | 50,76% Space Free | Partition Type: FAT32

Computer Name: BUPI-PC | User Name: Administrator
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.07 09:54:36 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 17:41:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.17 09:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.03 16:35:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.05.03 16:33:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.02.25 15:47:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.18 15:13:54 | 001,510,720 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.10.29 12:54:36 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand] -- C:\Programme\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2010.02.12 04:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 18:42:38 | 000,290,909 | ---- | M] () [Auto] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.10.19 18:42:38 | 000,114,779 | ---- | M] () [Auto] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2007.10.09 00:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.06.27 11:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2007.06.27 11:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel(R)
SRV - [2007.06.27 11:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2007.06.27 11:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2007.06.27 11:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel(R)
SRV - [2007.06.27 11:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2007.06.27 11:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel(R)
SRV - [2007.06.27 11:13:56 | 000,268,504 | ---- | M] () [Auto] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007.02.12 12:46:34 | 000,208,896 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SynasUSB)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (kbeepm)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (esgiguard)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | On_Demand] -- -- (az4nx3ux)
DRV - File not found [Kernel | On_Demand] -- -- (ah5cwvwo)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.17 09:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.01.14 20:15:18 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.11.08 22:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.07.30 03:32:44 | 001,255,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2010.03.03 16:08:13 | 000,165,376 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.03.03 16:07:36 | 000,018,048 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.02 13:53:46 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2009.09.04 13:48:39 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\Windows\System32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.03.29 13:21:23 | 000,717,296 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.10.29 14:48:42 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.06.27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2007.02.18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.11.22 15:04:42 | 008,719,104 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-406249821-1696615750-2729680667-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Programme\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Programme\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Programme\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Programme\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6f: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 09:54:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 09:54:33 | 000,000,000 | ---D | M]

[2012.03.03 18:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.09.07 09:54:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.07 09:54:32 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.07 09:54:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2012.09.07 09:54:36 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008.01.08 02:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010.09.27 15:03:39 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2003.12.19 12:58:34 | 000,057,344 | ---- | M] (Playnet Inc.) -- C:\Program Files\mozilla firefox\plugins\NPplaynet.dll
[2012.06.11 11:13:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 18:54:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.11 11:13:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.11 11:13:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.11 11:13:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.11 11:13:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.05 00:00:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - No CLSID value found.
O3 - HKU\S-1-5-21-406249821-1696615750-2729680667-500\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-406249821-1696615750-2729680667-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [{9B338E1F-26D8-3356-2B12-4DA1683823F3}] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [{E1C80263-F055-11DC-B0CA-806E6F6E6963}] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [NVIDIA driver monitor] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [RGSC] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [{9B338E1F-26D8-3356-2B12-4DA1683823F3}] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [{E1C80263-F055-11DC-B0CA-806E6F6E6963}] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [4E3E0230AEBB4E96] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [NVIDIA driver monitor] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [RGSC] File not found
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-500..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\RunOnce: [CTAutoUpdate] C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000..\RunOnce: [InetReg] C:\Program Files\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - Startup: C:\Users\bupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\bupi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-406249821-1696615750-2729680667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-406249821-1696615750-2729680667-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22463~1.83\protec~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\googledesktopnetwork3.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07656abd-6504-11e0-96e4-001d9223a406}\Shell - "" = AutoRun
O33 - MountPoints2\{07656abd-6504-11e0-96e4-001d9223a406}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{184a6769-3771-11e0-a241-001d9223a406}\Shell\AutoRun\command - "" = L:\setup.exe
O33 - MountPoints2\{e1c80267-f055-11dc-b0ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1c80267-f055-11dc-b0ca-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CTRun\Start.EXE
O33 - MountPoints2\{eb7a6596-f2fd-11de-8a11-001d9223a406}\Shell - "" = AutoRun
O33 - MountPoints2\{eb7a6596-f2fd-11de-8a11-001d9223a406}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.09.18 16:52:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.09.18 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia
[2012.09.18 15:57:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Creative
[2012.09.18 15:57:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Ahead
[2012.09.18 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\aivqeldzuwdcnhp
[2012.09.07 09:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2008.07.06 22:20:42 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2008.07.06 22:20:42 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2008.07.06 22:20:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\vsnpstd3.dll
[2008.07.06 22:20:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2012.09.19 12:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.19 12:32:06 | 000,007,916 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.09.19 12:32:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 12:30:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 12:28:56 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 12:28:56 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 12:28:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 12:28:50 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 03:37:56 | 341,801,364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.09.19 03:08:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.09.18 16:54:12 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.18 16:54:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.18 15:58:27 | 000,003,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 15:44:47 | 000,074,127 | ---- | M] () -- C:\ProgramData\dovplsbuqlopguh
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\Windows\fxtywkrt.exe
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\ProgramData\fxtywkrt.exe
[2012.09.13 00:18:04 | 000,000,820 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.09.19 03:37:56 | 341,801,364 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.09.18 15:58:27 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.18 15:57:08 | 000,007,916 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.09.18 15:44:46 | 000,080,896 | ---- | C] () -- C:\Windows\fxtywkrt.exe
[2012.09.18 15:44:45 | 000,080,896 | ---- | C] () -- C:\ProgramData\fxtywkrt.exe
[2012.09.18 15:44:37 | 000,074,127 | ---- | C] () -- C:\ProgramData\dovplsbuqlopguh
[2012.07.09 11:57:43 | 000,001,514 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.04 23:43:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.04 23:43:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.04 23:43:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.04 23:43:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.04 23:43:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.05.03 16:43:11 | 000,181,760 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2012.05.03 16:43:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2012.05.03 16:42:28 | 000,044,795 | R--- | C] () -- C:\Windows\System32\kschimp.ini
[2012.05.03 16:36:54 | 000,034,637 | ---- | C] () -- C:\Windows\System32\ksaud.ini
[2012.05.03 16:36:54 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini
[2012.03.10 19:31:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.01.01 23:34:07 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.11.26 20:31:31 | 000,110,592 | ---- | C] () -- C:\Windows\System32\rtvcvfw32.dll
[2011.11.16 12:28:01 | 000,150,346 | ---- | C] () -- C:\Windows\hpwins10.dat
[2011.11.16 12:27:52 | 000,010,385 | ---- | C] () -- C:\Windows\hpwscr10.dat
[2011.11.16 12:27:52 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
[2011.11.14 13:50:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.11.14 13:49:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.11.14 13:49:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.14 03:03:30 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.29 10:00:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.03.24 21:35:18 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.03.24 21:28:12 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.02 12:43:46 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.27 15:43:58 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.03.03 16:08:13 | 000,165,376 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.03 16:07:36 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.09.21 12:58:42 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.09.06 16:00:56 | 000,037,632 | ---- | C] () -- C:\Windows\DPUNIN20.EXE
[2009.08.14 00:14:31 | 000,314,702 | ---- | C] () -- C:\Windows\Theatre Of War Uninstaller.exe
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.03.12 16:13:33 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.02.25 16:25:52 | 000,140,800 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.25 16:25:37 | 000,283,304 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.02.25 16:25:35 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.02.25 16:25:35 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.01.23 22:21:04 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2009.01.21 17:44:51 | 000,000,019 | ---- | C] () -- C:\Windows\KNP.INI
[2009.01.03 23:23:43 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2008.12.22 20:35:30 | 000,200,704 | ---- | C] () -- C:\Windows\System32\teulKit.dll
[2008.09.14 10:59:31 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.09.14 10:59:31 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.08.19 21:56:07 | 000,001,600 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.21 21:52:35 | 000,000,347 | ---- | C] () -- C:\Windows\CoDUO.INI
[2008.07.21 21:41:38 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2008.07.08 12:21:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.07.06 22:20:43 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2008.07.06 22:20:43 | 000,090,112 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2008.07.06 22:20:43 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2008.07.06 22:20:42 | 008,719,104 | ---- | C] () -- C:\Windows\System32\drivers\snpstd3.sys
[2008.07.06 22:20:42 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd3.exe
[2008.07.06 17:27:53 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2008.03.20 23:20:38 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.03.20 23:20:37 | 000,502,784 | ---- | C] () -- C:\Windows\x2.64.exe
[2008.03.20 23:20:37 | 000,240,128 | ---- | C] () -- C:\Windows\System32\x.264.exe
[2008.03.20 23:20:37 | 000,066,560 | ---- | C] () -- C:\Windows\MOTA113.exe
[2008.03.20 23:20:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.03.20 23:20:36 | 000,217,073 | ---- | C] () -- C:\Windows\meta4.exe
[2008.03.20 23:19:04 | 000,151,040 | -HS- | C] () -- C:\Windows\System32\VistaUltm.dll
[2008.03.20 23:19:04 | 000,027,648 | -HS- | C] () -- C:\Windows\System32\Smab0.dll
[2008.03.19 15:05:00 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.15 19:03:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.28 11:39:58 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.10.29 12:55:47 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos.INI
[2007.10.29 12:53:22 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.29 12:45:31 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.23 17:07:03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.23 13:59:52 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,117,714 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 17:33:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,403,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,582,484 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,096,748 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2005.10.15 14:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005.10.15 14:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2004.12.08 05:21:10 | 000,065,536 | ---- | C] () -- C:\Windows\System32\xfire_lsp_10650.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2012.03.12 02:05:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
[2012.03.03 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012.03.03 18:37:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.07.16 12:42:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2012.09.18 15:44:47 | 000,000,000 | ---D | M] -- C:\ProgramData\aivqeldzuwdcnhp
[2008.03.12 19:20:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009.08.13 12:33:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2012.07.17 15:48:28 | 000,000,000 | ---D | M] -- C:\ProgramData\bProtectorForWindows
[2011.04.14 16:57:12 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Pro
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2011.10.29 12:51:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Desura
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008.03.12 19:20:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.07.21 15:14:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\DSS
[2011.11.10 16:04:52 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Core
[2012.03.01 01:00:04 | 000,000,000 | ---D | M] -- C:\ProgramData\EA Logs
[2011.10.28 16:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\eH21712AgMgB21712
[2011.11.14 14:36:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008.03.12 19:20:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.07.17 15:49:01 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2009.12.09 21:48:02 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009.08.30 16:49:16 | 000,000,000 | ---D | M] -- C:\ProgramData\KONAMI
[2010.10.11 17:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\m2backup
[2010.10.12 16:25:40 | 000,000,000 | ---D | M] -- C:\ProgramData\m2portal
[2007.10.29 12:46:31 | 000,000,000 | ---D | M] -- C:\ProgramData\MAGIX
[2010.10.11 17:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\mquadr.at
[2012.09.18 16:51:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Origin
[2008.06.18 17:57:14 | 000,000,000 | ---D | M] -- C:\ProgramData\PopCap Games
[2010.03.03 16:08:23 | 000,000,000 | ---D | M] -- C:\ProgramData\SpieleEntwicklungsKombinat
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008.03.12 19:20:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2008.06.18 17:56:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Steam
[2009.01.23 22:21:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Syncrosoft
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.11.26 20:33:09 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2012.01.01 13:24:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Ubisoft
[2007.10.23 16:01:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008.03.12 19:20:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009.07.04 19:50:50 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007.10.23 14:04:20 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2010.10.11 17:00:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{0B1855D9-8D06-4BE1-B93C-7EFA1D0C3E32}
[2007.10.23 15:37:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.10.11 16:47:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\{29558F44-C67B-4F2C-99E0-F1CE2AE1F960}
[2011.11.26 20:29:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.10.11 16:47:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{392ECEAB-FD15-485B-8C44-C2C591EDECB5}
[2010.09.10 01:00:06 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.01.01 18:23:50 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.10.11 17:00:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\{DE1CDDDC-29FB-4BCF-94A4-B8339595BAB7}
[2012.09.19 12:27:53 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

19.09.2012, 12:18   #2
markusg
/// Malware-holic
 

Hi,
the "sleeper" idea is nonsense :-)
And as a matter of principle, you visit every site with the sandbox.
Just because you know a site doesn't mean it's clean...
On your second PC, go to Start, Programs, Accessories, Notepad, and paste the following in:
Code:
:OTL
[2012.09.18 15:44:47 | 000,074,127 | ---- | M] () -- C:\ProgramData\dovplsbuqlopguh
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\Windows\fxtywkrt.exe
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\ProgramData\fxtywkrt.exe
:Files
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

19.09.2012, 12:37   #3
Schnoizn
 

I did it from my 2nd account; I don't think it makes a difference.

========== OTL ==========
C:\ProgramData\dovplsbuqlopguh moved successfully.
C:\Windows\fxtywkrt.exe moved successfully.
C:\ProgramData\fxtywkrt.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Temp folder emptied: 44059 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 173503966 bytes
->Flash cache emptied: 926 bytes

User: All Users

User: bupi
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 85360 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 166,00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37501017 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: bupi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3428 bytes

Total Files Cleaned = 36,00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 09192012_133019

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\1xu29uxl.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...



EDIT: I'm currently back in my account as normal.
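A cross-check of the fix script from post #2 against the result log in post #3, as an added example that is not part of the original posts or of OTL: it confirms that each :OTL target was reported as moved, and lists scan-log entries stamped within 60 seconds of a target that the fix did not name. The function names and the 60-second window are assumptions; the sample strings are excerpts copied from this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file line: [date time | size | attributes | C or M] (company) -- path
# Folder lines carry no "(company)" part.
ENTRY_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [-RHSD]{4} \| [CM]\] "
    r"(?:\([^)]*\) )?-- (.+?)\s*$"
)
MOVED_SUFFIX = " moved successfully."

def parse_entries(text):
    """Return (timestamp, path) for every OTL file/folder line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            entries.append((stamp, m.group(2)))
    return entries

def fix_targets(fix_text):
    """Entries listed under the :OTL section of a fix script."""
    section, body = None, []
    for line in fix_text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()      # :OTL, :Files, :Commands
        elif section == ":otl":
            body.append(line)
    return parse_entries("\n".join(body))

def moved_paths(result_text):
    """Lower-cased paths that the fix log reports as moved."""
    return {
        line.strip()[: -len(MOVED_SUFFIX)].lower()
        for line in result_text.splitlines()
        if line.strip().endswith(MOVED_SUFFIX)
    }

def verify_fix(fix_text, result_text):
    """Split fix targets into (confirmed moved, not confirmed)."""
    moved = moved_paths(result_text)
    paths = list(dict.fromkeys(p for _, p in fix_targets(fix_text)))
    return ([p for p in paths if p.lower() in moved],
            [p for p in paths if p.lower() not in moved])

def unlisted_neighbours(scan_text, fix_text, window=timedelta(seconds=60)):
    """Scan-log paths stamped within `window` of a fix target but not in the fix."""
    targets = fix_targets(fix_text)
    named = {p.lower() for _, p in targets}
    found = []
    for stamp, path in parse_entries(scan_text):
        near = any(abs(stamp - t) <= window for t, _ in targets)
        if near and path.lower() not in named and path not in found:
            found.append(path)
    return found

# Fix script from post #2; RESULT and SCAN are excerpts of the logs in posts #3 and #1.
FIX = r""":OTL
[2012.09.18 15:44:47 | 000,074,127 | ---- | M] () -- C:\ProgramData\dovplsbuqlopguh
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\Windows\fxtywkrt.exe
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\ProgramData\fxtywkrt.exe
:Files
:Commands
[purity]
[emptytemp]
[Reboot]"""
RESULT = r"""========== OTL ==========
C:\ProgramData\dovplsbuqlopguh moved successfully.
C:\Windows\fxtywkrt.exe moved successfully.
C:\ProgramData\fxtywkrt.exe moved successfully.
========== FILES =========="""
SCAN = r"""[2012.09.18 16:52:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.09.18 15:57:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Creative
[2012.09.18 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\aivqeldzuwdcnhp
[2012.09.18 15:44:47 | 000,074,127 | ---- | M] () -- C:\ProgramData\dovplsbuqlopguh
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\Windows\fxtywkrt.exe
[2012.09.18 15:44:36 | 000,080,896 | ---- | M] () -- C:\ProgramData\fxtywkrt.exe
[2012.09.13 00:18:04 | 000,000,820 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.09.18 15:44:46 | 000,080,896 | ---- | C] () -- C:\Windows\fxtywkrt.exe"""

if __name__ == "__main__":
    confirmed, unconfirmed = verify_fix(FIX, RESULT)
    print("confirmed moved:", confirmed)
    print("not confirmed:  ", unconfirmed)
    print("within 60 s of a target, not in the fix:", unlisted_neighbours(SCAN, FIX))
```

An entry in the last list is only a candidate for the helper handling the case to look at, not a verdict on the file or folder.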

19.09.2012, 19:45   #4
markusg
/// Malware-holic
 

If you want to believe things, you can go to church. Next time do it as written; otherwise there can be problems with the PC, and I don't really feel like having more work than necessary.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.