Log analysis and evaluation: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert ("The computer has been blocked for violating the laws of the Federal Republic of Germany"), Windows 7
26.10.2012, 21:16 | #1
Hello, I have Windows 7 and my computer has been infected by the encryption trojan (Verschlüsselungstrojaner). Safe mode works. Attached are the logs produced by scanning with Malwarebytes Anti-Malware. I hope someone can help me.
27.10.2012, 07:19 | #2
/// Helper team | Hello and welcome!
Unfortunately I have bad news for you: you have caught yourself a nasty little beast. Quote:
- a backdoor with rootkit functionality: this malware uses rootkit technology and a backdoor routine (*what are backdoors and rootkits*). Behaviour: "memory-resident"
► To recover your data, or rescue whatever can still be rescued, answer my question and proceed as follows:
1. ► In what way have your data (personal files such as pictures, documents, music etc.) already been encrypted? Can you give an example? Has a file extension been appended (e.g. "locked- .wxyz"), or does a file name now consist of a random mix of upper- and lower-case letters (e.g. QsEEUTODXNVqyssQ), or something else? Some variants can be decrypted, others unfortunately cannot.
2. System scan with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your Desktop.
Quote:
** If at all possible, stay off the internet: no online banking, file sharing, chat programs etc. Regards, kira
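As an added example (not part of kira's post and not one of the board's tools), a small Python script that applies the two naming patterns described in question 1 to a folder, so the question can be answered with counts and concrete file names rather than a guess. The exact shapes are assumptions taken from the examples in the post: a "locked-" prefix with a four-lowercase-letter suffix appended after the original name, and a name made only of letters with several upper/lower-case switches and no extension. The names in SAMPLE_NAMES are constructed.

```python
import os
import re
from collections import Counter

# Pattern 1 (assumed from the post's "locked- .wxyz" example): the original
# name keeps its extension, gets a "locked-" prefix and a four-letter
# lower-case suffix appended, e.g. "locked-Urlaub.jpg.wxyz".
LOCKED_RE = re.compile(r"^locked-(?P<orig>.+)\.(?P<suffix>[a-z]{4})$")


def looks_random(name):
    """Pattern 2 (assumed from the "QsEEUTODXNVqyssQ" example): letters only,
    no extension, and the case flips several times, which ordinary names
    such as "Dokumentation" or "README" do not do."""
    if "." in name or len(name) < 8 or not name.isascii() or not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return flips >= 3


def classify(name):
    """Return (kind, original_name); kind is 'locked-prefix', 'random-name'
    or None. The original name is only recoverable for pattern 1."""
    m = LOCKED_RE.match(name)
    if m:
        return "locked-prefix", m.group("orig")
    if looks_random(name):
        return "random-name", None
    return None, None


def survey(names):
    """Count how many names match each pattern and keep one example of each."""
    counts = Counter()
    examples = {}
    for n in names:
        kind, _ = classify(n)
        if kind:
            counts[kind] += 1
            examples.setdefault(kind, n)
    return counts, examples


def survey_tree(root):
    """Walk a directory tree (e.g. the user's profile) and survey every file name."""
    names = []
    for _dirpath, _dirs, files in os.walk(root):
        names.extend(files)
    return survey(names)


# Constructed sample: a mix of names that would and would not be renamed.
SAMPLE_NAMES = [
    "locked-Urlaub.jpg.wxyz",
    "locked-Steuer2011.pdf.qmlr",
    "QsEEUTODXNVqyssQ",
    "pWkdRRoZhBBvvMQwa",
    "Bericht.docx",
    "Dokumentation",
    "desktop.ini",
]

if __name__ == "__main__":
    counts, examples = survey(SAMPLE_NAMES)
    for kind, n in counts.items():
        print(f"{kind}: {n} file(s), e.g. {examples[kind]}")
    if not counts:
        print("no file names matching either pattern")
```

Run `survey_tree(r"C:\Users\<name>")` against the affected profile (the posted log shows the machine boots into safe mode, which is enough for this). A hit only says that the name was changed in the way the post describes; whether the content can be recovered depends on the variant, which is exactly why the helper asks for an example first.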
27.10.2012, 13:28 | #3
Thank you for the hints. The system scan is running at the moment; I will post the results shortly.
As far as I know, my files are not encrypted. They are simply sitting on the desktop ... at least I am not doing anything additional. Perhaps someone can explain this to me so that I can answer this point more accurately.

Here now are the two files: OTL EXTRAS Logfile: Code:
OTL logfile created on: 2012-10-27 14:23:34 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaksia\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,37 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 80,05% Memory free
6,73 Gb Paging File | 6,21 Gb Available in Paging File | 92,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 126,95 Gb Total Space | 28,71 Gb Free Space | 22,61% Space Free | Partition Type: NTFS
Drive D: | 3,73 Gb Total Space | 0,39 Gb Free Space | 10,45% Space Free | Partition Type: FAT32
Drive E: | 338,81 Gb Total Space | 275,56 Gb Free Space | 81,33% Space Free | Partition Type: NTFS

Computer Name: ZAKSIA-KOMPUTER | User Name: Zaksia | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-10-27 14:10:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zaksia\Desktop\OTL.exe
PRC - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV - [2012-10-09 17:30:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-09-12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012-09-12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012-09-07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-18 16:46:51 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-01-18 14:24:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-06-12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Zaksia\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011-06-02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-06-02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-06-02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011-06-02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010-12-21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010-11-20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 03:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-11-09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009-07-14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009-07-14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009-04-29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009-04-20 10:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008-03-13 16:44:42 | 010,423,936 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005-09-23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OyqZh1KEM&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {34EFA911-B536-4C08-BECE-CD5E55C875B0}:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OyqZh1KEM&&i=26&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zaksia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zaksia\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-18 14:21:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-08-01 11:11:52 | 000,000,000 | ---D | M]

[2012-01-18 20:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\Extensions
[2012-09-19 22:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\Firefox\Profiles\bi55tgd6.default\extensions
[2012-01-18 20:04:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaksia\AppData\Roaming\mozilla\Firefox\Profiles\bi55tgd6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-01-18 20:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\Firefox\Profiles\iopbgdhv.default\extensions
[2012-01-18 20:04:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zaksia\AppData\Roaming\mozilla\Firefox\Profiles\iopbgdhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-09-19 22:18:42 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\extensions\DivXWebPlayer@divx.com.xpi
[2012-08-19 13:01:27 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012-01-26 20:24:38 | 000,002,203 | ---- | M] () -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\MyStart Search.xml
[2012-08-19 13:01:28 | 000,003,915 | ---- | M] () -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\sweetim.xml
[2012-03-16 20:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-03-16 20:22:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011-12-21 10:05:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-03-16 20:21:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011-12-09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011-12-21 07:04:32 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2011-12-21 07:04:32 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2011-12-21 07:04:32 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2011-12-21 07:04:32 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2011-12-21 07:04:32 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2011-12-21 07:04:32 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml

========== Chrome ==========

CHR - homepage: hxxp://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6OyqZh1KEM&i=26
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
CHR - Extension: YouTube = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Szukaj w Google = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-10 14:12:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe (Gadu-Gadu S.A.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [WinSCard] C:\Users\Zaksia\AppData\Local\Microsoft\Windows\425\WinSCard.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Zaksia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Zaksia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A59CA1E-92FD-4FF0-AFF8-7F458D975FD2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDBD12A7-45BF-43EA-AE88-ECCA3D685891}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-27 14:10:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Zaksia\Desktop\OTL.exe
[2012-10-26 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\hellomoto
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Xouvp
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Isgui
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Emce
[2012-10-11 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Local\PokerStars.EU
[2012-10-11 21:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012-10-11 21:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
[2012-10-10 17:01:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012-10-10 17:00:28 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012-10-10 17:00:28 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012-10-10 17:00:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012-10-10 17:00:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012-10-10 17:00:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012-10-10 17:00:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012-10-10 17:00:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012-10-10 17:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012-10-10 17:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012-10-10 17:00:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012-10-10 17:00:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012-10-10 17:00:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012-10-10 17:00:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012-10-10 17:00:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012-10-10 17:00:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012-10-10 17:00:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012-10-10 17:00:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012-10-10 17:00:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012-10-10 17:00:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012-10-10 17:00:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012-10-10 17:00:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012-10-10 17:00:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012-10-10 17:00:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012-10-10 16:49:02 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-10-10 16:49:02 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-10-07 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\Desktop\rana
[2012-09-28 02:29:27 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\Documents\Projekty Avid
[2012-09-28 00:10:17 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\temp
[2012-09-28 00:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2012-09-28 00:07:12 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\Documents\InstantCDDVD
[2012-09-28 00:06:48 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Local\Avid
[2012-09-28 00:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid Studio
[2012-09-28 00:00:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2012-09-28 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pegasus Imaging
[2012-09-28 00:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avid
[2012-09-28 00:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2012-09-27 23:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012-09-27 23:56:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2012-09-27 23:56:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2012-09-27 23:56:55 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2012-09-27 23:56:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2012-09-27 23:56:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012-09-27 23:56:52 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012-09-27 23:56:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012-09-27 23:56:51 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012-09-27 23:56:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012-09-27 23:56:51 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012-09-27 23:56:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012-09-27 23:56:50 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012-09-27 23:56:50 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012-09-27 23:56:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012-09-27 23:56:49 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012-09-27 23:56:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012-09-27 23:56:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012-09-27 23:56:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012-09-27 23:56:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012-09-27 23:56:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012-09-27 23:56:47 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012-09-27 23:56:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012-09-27 23:56:47 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012-09-27 23:56:46 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012-09-27 23:56:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012-09-27 23:56:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012-09-27 23:56:46 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012-09-27 23:56:45 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012-09-27 23:56:45 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2012-09-27 23:56:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2012-09-27 23:56:44 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2012-09-27 23:56:43 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2012-09-27 23:56:43 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2012-09-27 23:56:43 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2012-09-27 23:56:43 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2012-09-27 23:56:42 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2012-09-27 23:56:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2012-09-27 23:56:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2012-09-27 23:56:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2012-09-27 23:56:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2012-09-27 23:56:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2012-09-27 23:56:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2012-09-27 23:56:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012-09-27 23:56:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012-09-27 23:56:39 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012-09-27 23:56:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012-09-27 23:56:39 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2012-09-27 23:56:38 | 001,123,696 | ---- | C] (Microsoft Corporation) --
C:\Windows\System32\D3DCompiler_33.dll [2012-09-27 23:56:38 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2012-09-27 23:56:38 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll [2012-09-27 23:56:38 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2012-09-27 23:56:37 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2012-09-27 23:56:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll [2012-09-27 23:56:36 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll [2012-09-27 23:56:36 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll [2012-09-27 23:56:34 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll [2012-09-27 23:56:34 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2012-09-27 23:56:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll [2012-09-27 23:56:33 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll [2012-09-27 23:56:33 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll [2012-09-27 23:56:33 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll [2012-09-27 23:56:32 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll [2012-09-27 23:56:13 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2012-09-27 23:56:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll [2012-09-27 23:56:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll [2012-09-27 23:56:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\x3daudio1_0.dll [2012-09-27 23:56:05 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll [2012-09-27 23:56:04 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll [2012-09-27 23:56:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll [2012-09-27 23:56:03 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll [2012-09-27 23:56:03 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll [2012-09-27 23:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Avid [2012-09-27 22:49:30 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Local\PMB Files [2012-09-27 22:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012-09-27 22:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2012-09-27 22:20:22 | 000,000,000 | ---D | C] -- C:\Windows\de [2012-09-27 22:20:08 | 000,000,000 | ---D | C] -- C:\Windows\pl [2012-09-27 22:16:10 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2012-09-27 22:16:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2012-09-27 22:16:09 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012-09-27 22:16:09 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2012-09-27 21:36:27 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Local\{7BE9946D-E813-4514-89AB-53B211280E6E} [2012-05-20 22:31:41 | 017,975,768 | ---- | C] (Dropbox, Inc.) 
-- C:\Program Files\Dropbox 1.4.3.exe [2012-03-16 01:20:35 | 006,950,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe [2012-01-29 20:18:36 | 033,096,342 | ---- | C] (eTeks ) -- C:\Program Files\SweetHome3D-3.4-windows.exe [2012-01-26 23:22:19 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe [2012-01-26 20:30:20 | 000,737,656 | ---- | C] (BitTorrent, Inc.) -- C:\Program Files\utorrent.exe [1 C:\Users\Zaksia\Desktop\*.tmp files -> C:\Users\Zaksia\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-10-27 14:26:29 | 003,670,016 | -HS- | M] () -- C:\Users\Zaksia\NTUSER.DAT [2012-10-27 14:13:30 | 003,900,190 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2012-10-27 14:13:30 | 000,701,022 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2012-10-27 14:13:30 | 000,678,664 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2012-10-27 14:13:30 | 000,634,886 | ---- | M] () -- C:\Windows\System32\perfh00E.dat [2012-10-27 14:13:30 | 000,625,850 | ---- | M] () -- C:\Windows\System32\perfh005.dat [2012-10-27 14:13:30 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012-10-27 14:13:30 | 000,148,956 | ---- | M] () -- C:\Windows\System32\perfc00E.dat [2012-10-27 14:13:30 | 000,136,040 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2012-10-27 14:13:30 | 000,133,162 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2012-10-27 14:13:30 | 000,122,434 | ---- | M] () -- C:\Windows\System32\perfc005.dat [2012-10-27 14:13:30 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012-10-27 14:10:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zaksia\Desktop\OTL.exe [2012-10-27 13:44:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012-10-27 13:44:16 | 2711,166,976 | -HS- | M] () -- C:\hiberfil.sys [2012-10-27 13:42:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2012-10-26 20:10:25 | 000,001,067 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012-10-26 19:30:28 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965917793-2155242726-1940615380-1000UA.job [2012-10-26 19:30:21 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012-10-25 20:28:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-965917793-2155242726-1940615380-1000Core.job [2012-10-25 19:49:28 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012-10-25 19:49:28 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012-10-12 18:05:47 | 002,100,037 | ---- | M] () -- C:\Users\Zaksia\Desktop\Steuer2.jpg [2012-10-12 18:05:17 | 001,977,715 | ---- | M] () -- C:\Users\Zaksia\Desktop\Steuer1.jpg [2012-10-12 16:57:12 | 003,646,204 | ---- | M] () -- C:\Users\Zaksia\Desktop\IMG_3894.JPG [2012-10-12 16:56:22 | 003,258,993 | ---- | M] () -- C:\Users\Zaksia\Desktop\IMG_3893.JPG [2012-10-11 21:56:32 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk [2012-10-11 19:07:10 | 000,002,450 | ---- | M] () -- C:\Users\Zaksia\Desktop\Google Chrome.lnk [2012-10-09 17:30:15 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012-10-09 17:30:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012-10-09 12:41:14 | 000,099,318 | ---- | M] () -- C:\Users\Zaksia\Desktop\Warum bewerben Sie sich gerade bei uns.pdf [2012-10-07 14:26:45 | 000,115,224 | ---- | M] () -- C:\img2-001.raw [2012-10-03 01:26:04 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012-10-02 23:11:36 | 000,091,187 | ---- | M] () -- C:\Users\Zaksia\Desktop\rocky-balboa-1-600x924.jpg [2012-10-02 23:08:58 | 002,629,655 | ---- | M] () -- 
C:\Users\Zaksia\Desktop\rocky-balboa.psd [2012-10-02 22:51:52 | 000,160,081 | ---- | M] () -- C:\Users\Zaksia\Desktop\rocky-balboa-11.jpg [2012-09-29 10:19:56 | 002,413,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012-09-28 10:39:04 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012-09-28 02:36:12 | 000,140,120 | ---- | M] () -- C:\Users\Zaksia\AppData\Local\GDIPFONTCACHEV1.DAT [2012-09-28 00:17:56 | 000,008,704 | ---- | M] () -- C:\Users\Zaksia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-09-28 00:05:09 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Avid Studio.lnk [2012-09-27 23:43:29 | 2854,350,472 | ---- | M] () -- C:\Users\Zaksia\Desktop\AvidStudio_Trial_Part-1-of-1.exe [1 C:\Users\Zaksia\Desktop\*.tmp files -> C:\Users\Zaksia\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-10-12 18:05:42 | 002,100,037 | ---- | C] () -- C:\Users\Zaksia\Desktop\Steuer2.jpg [2012-10-12 18:05:09 | 001,977,715 | ---- | C] () -- C:\Users\Zaksia\Desktop\Steuer1.jpg [2012-10-12 18:00:08 | 003,646,204 | ---- | C] () -- C:\Users\Zaksia\Desktop\IMG_3894.JPG [2012-10-12 18:00:06 | 003,258,993 | ---- | C] () -- C:\Users\Zaksia\Desktop\IMG_3893.JPG [2012-10-11 21:56:32 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk [2012-10-09 12:41:13 | 000,099,318 | ---- | C] () -- C:\Users\Zaksia\Desktop\Warum bewerben Sie sich gerade bei uns.pdf [2012-10-02 23:11:35 | 000,091,187 | ---- | C] () -- C:\Users\Zaksia\Desktop\rocky-balboa-1-600x924.jpg [2012-10-02 23:08:56 | 002,629,655 | ---- | C] () -- C:\Users\Zaksia\Desktop\rocky-balboa.psd [2012-10-02 22:51:50 | 000,160,081 | ---- | C] () -- C:\Users\Zaksia\Desktop\rocky-balboa-11.jpg [2012-09-28 00:05:09 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Avid Studio.lnk [2012-09-27 23:58:19 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012-09-27 22:50:04 | 2854,350,472 | ---- | C] () -- 
C:\Users\Zaksia\Desktop\AvidStudio_Trial_Part-1-of-1.exe [2012-09-27 22:19:49 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012-09-27 22:19:23 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012-08-29 23:28:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012-07-10 14:02:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012-07-10 14:02:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012-07-10 14:02:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012-07-10 14:02:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012-07-10 14:02:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012-07-10 01:52:55 | 000,000,000 | ---- | C] () -- C:\Users\Zaksia\defogger_reenable [2012-07-10 00:28:52 | 000,025,866 | ---- | C] () -- C:\Program Files\config.xml [2012-07-10 00:28:38 | 000,799,232 | ---- | C] () -- C:\Program Files\Avira-RansomFileUnlocker.exe [2012-07-10 00:25:24 | 000,062,065 | ---- | C] () -- C:\Program Files\ransom_file_unlocker.zip [2012-07-09 17:25:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad [2012-06-26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012-06-26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012-06-26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012-06-26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012-06-26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012-02-21 18:04:23 | 000,008,704 | ---- | C] () -- C:\Users\Zaksia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-01-31 22:55:09 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2012-01-31 22:55:03 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2012-01-31 22:55:02 | 000,270,336 | ---- | C] () -- 
C:\Windows\tsnpstd3.exe [2012-01-31 22:55:00 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2012-01-31 22:54:59 | 000,003,968 | ---- | C] () -- C:\Windows\System32\drivers\DeNoise.sys [2012-01-31 22:54:56 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2012-01-31 22:54:55 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2012-01-31 22:54:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2012-01-31 22:54:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2012-01-26 20:29:35 | 000,014,153 | ---- | C] () -- C:\Program Files\[isoHunt] Adobe_Photoshop_Lightroom_3_(Release)___serial.5614799.TPB.torrent [2012-01-19 10:57:02 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini [2012-01-18 17:14:37 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012-01-18 15:38:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012-01-18 15:38:20 | 000,053,600 | ---- | C] () -- C:\Windows\System32\dosx.exe [2012-01-18 15:38:12 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2012-01-18 14:21:22 | 000,140,120 | ---- | C] () -- C:\Users\Zaksia\AppData\Local\GDIPFONTCACHEV1.DAT [2012-01-18 12:59:04 | 003,900,190 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI [2012-01-18 12:54:48 | 000,524,288 | -HS- | C] () -- C:\Users\Zaksia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012-01-18 12:54:48 | 000,000,020 | -HS- | C] () -- C:\Users\Zaksia\ntuser.ini [2012-01-18 12:54:47 | 000,524,288 | -HS- | C] () -- C:\Users\Zaksia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2012-01-18 12:54:47 | 000,065,536 | -HS- | C] () -- C:\Users\Zaksia\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2012-01-18 12:54:46 | 003,670,016 | -HS- | C] () -- C:\Users\Zaksia\NTUSER.DAT [2011-10-01 00:40:50 | 111,227,761 | ---- | C] () -- C:\Users\Zaksia\Magda i Tomek.wmv 
========== ZeroAccess Check ========== [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012-01-26 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\ACD Systems [2012-06-25 19:12:56 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Canon [2012-10-26 21:41:45 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Dropbox [2012-10-25 23:55:09 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Emce [2012-01-19 13:49:09 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Gadu-Gadu [2012-01-18 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\GHISLER [2012-10-26 21:41:22 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\hellomoto [2012-10-25 23:55:57 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Isgui [2012-07-18 00:52:18 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Samsung 
[2012-01-26 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\uTorrent [2012-10-25 23:55:09 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\Xouvp ========== Purity Check ========== < End of report > OTL EXTRAS Logfile:
OTL Extras logfile created on: 2012-10-27 14:23:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zaksia\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,37 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 80,05% Memory free 6,73 Gb Paging File | 6,21 Gb Available in Paging File | 92,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 126,95 Gb Total Space | 28,71 Gb Free Space | 22,61% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 0,39 Gb Free Space | 10,45% Space Free | Partition Type: FAT32 Drive E: | 338,81 Gb Total Space | 275,56 Gb Free Space | 81,33% Space Free | Partition Type: NTFS Computer Name: ZAKSIA-KOMPUTER | User Name: Zaksia | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 2.5.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.5\ACDSeeQVPro25.exe" "%1" (ACD Systems) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CE2AFBA-D8B5-4103-97A1-2B2DEA60A906}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{1414BE10-96B2-494E-B36B-1F479C91DBC8}" = lport=58076 | protocol=6 | dir=in | name=pando media booster | "{1990BA1A-68D8-4944-8E0C-824158EF7BC7}" = lport=445 | protocol=6 | dir=in | app=system | "{1E1F7728-AD89-4199-8152-CB6724088AE6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{23DB8E4D-A1C0-4E5B-9520-E00DD55B83B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B4D3FD4-C1B6-41EF-97C5-7399F041FE9F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{514D69C3-BBA0-47EE-8751-0215F78A7FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{585CF9F4-98CB-4348-893D-73EBC61837E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{58A544D6-AB95-478F-AC0E-1B215E4E6AF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59015620-06CC-42BE-9381-97D2C2FF4899}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{59D8F945-892A-4569-9A45-5037F8FBA3C7}" = rport=137 | protocol=17 | dir=out | app=system | "{5E533EB8-ED53-4AD0-AF0C-E6D2F1C2AF1F}" = lport=139 | protocol=6 | dir=in | app=system | "{6630D9C3-74D6-4400-99B5-580F0688A398}" = lport=138 | protocol=17 | dir=in | app=system | "{674785EB-CE91-410D-9AE1-BBB3876DCB84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6CC77AAE-9FAF-4A65-A033-AB820CFCCE80}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7635334B-5746-461F-B51F-7CEBCA88DB3D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{77D1ACBB-3E94-4247-834B-5A1482089064}" = rport=139 | protocol=6 | dir=out | app=system | "{7D492FEE-9636-48F2-9EEA-B2E17D223292}" = rport=445 | protocol=6 | dir=out | app=system | "{7EF87524-B798-4D81-A3BE-E84D7E6A8C7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{83C5955A-BFD2-4C4D-AFEF-5D294C1968C8}" = lport=58076 | protocol=17 | dir=in | name=pando media booster | "{843D6A71-E09B-410D-973F-C70C970BD434}" = lport=58076 | protocol=6 | dir=in | name=pando media booster | "{94E615E2-F2DE-48B5-8EE1-66CE5A1B0D93}" = lport=2869 | protocol=6 | dir=in | app=system | "{9D8677FC-B7BF-4DFF-B046-5D81B6D6EB82}" = rport=138 | protocol=17 | dir=out | app=system | "{A1630A80-573B-45E6-9497-4731AEDBB5EC}" = rport=10243 | protocol=6 | dir=out | app=system | "{B58917C0-CADD-45F5-8305-25D6C99A7DB0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C40DCF08-0338-41D1-9F1A-BCABAD9114C0}" = lport=10243 | protocol=6 | dir=in | app=system | "{CA832796-5212-4CE0-A51D-1C97EBDE846E}" = lport=58076 | protocol=17 | dir=in | name=pando media booster | "{D617574F-C1BD-4D97-8DAD-CD3376E57444}" = lport=137 | protocol=17 | dir=in | app=system | "{DBCF1E4E-07F8-4D72-971E-D14E484090DD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06C9E046-DC26-44F3-AD1A-686286343C44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{134A47C2-8C9F-49DE-91FB-30D2C502E81F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{14B9F33D-7351-417D-B675-7940966A3DAE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{17956734-27C8-4545-A14D-9E9B3C2D8822}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1ADDEE4D-6550-4B5F-AE71-58DA7FB66244}" = 
< End of report >

Thanks for the help so far.

Last edited by standard22 (27.10.2012, 13:38) |
27.10.2012, 22:04 | #4 |
/// Helper Team |
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OyqZh1KEM&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..extensions.enabledItems: {34EFA911-B536-4C08-BECE-CD5E55C875B0}:1.0
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OyqZh1KEM&&i=26&search="
[2012-08-19 13:01:27 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012-01-26 20:24:38 | 000,002,203 | ---- | M] () -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\MyStart Search.xml
[2012-08-19 13:01:28 | 000,003,915 | ---- | M] () -- C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\sweetim.xml
CHR - homepage: http://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb119/?loc=IB_DS&search={searchTerms}&a=6OyqZh1KEM&i=26
CHR - homepage: http://mystart.incredibar.com/mb119?a=6OyqZh1KEM&i=26
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012-10-26 21:40:55 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\hellomoto
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Xouvp
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Isgui
[2012-10-25 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Zaksia\AppData\Roaming\Emce
[2012-07-09 17:25:23 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012-10-26 21:41:22 | 000,000,000 | ---D | M] -- C:\Users\Zaksia\AppData\Roaming\hellomoto
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
2. TDSSKiller from Kaspersky
Important:

3. Data backup:
► Back up ONLY data that contains no executable files - File extensions - This is a list of file extensions that can denote files containing executable code.
- Be careful with the files already present on the external storage, and also with making a backup of files that are now infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with data possibly backed up earlier, i.e. before the infection!
- Do not back up possibly cracked software and then install it again on the freshly set-up system!

4. -> Guide: Reinstalling the system + securing it -> Guide to reinstalling - Windows XP, Vista and Win7

5. - Before restoring - before you go directly online with your PC...:
- disable/turn off the Autoplay function for all drives -> Turn off Autorun/Autoplay specifically for drive types or drive letters
Scan the data saved to an external hard drive thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide
Highly recommended scanner:

6. As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months); see also: Secure password

Regards, kira
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
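Step 3 above says to back up only data that contains no executable files and to scan the backup from a clean system before restoring it. The following is an added example, not code from the thread or from Trojaner-Board, of a pre-backup triage that applies that rule; the extension sets and the sample files are assumptions constructed for the demo.

```python
"""Pre-backup triage for the "back up only non-executable data" rule (added example).

Sorts every file under a source folder into one of three buckets:
  keep    - plain data (documents, pictures, music) safe to copy
  exclude - executable by extension, a disguised double extension such as
            "Rechnung.pdf.exe", or PE content ("MZ" header) under a harmless name
  scan    - archives: not executable themselves, but may wrap an executable,
            so scan them from a clean system before restoring
The extension sets are an illustrative subset assumed here, not the forum's list.
"""
import os
import tempfile
from dataclasses import dataclass

# Extensions Windows executes or interprets directly (assumed subset).
EXEC_EXT = {
    ".exe", ".dll", ".scr", ".com", ".pif", ".cpl", ".sys", ".msi",
    ".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1",
    ".hta", ".reg", ".lnk", ".jar",
}
# Containers that may hold an executable (cf. the ZIP "invoice" warning above).
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".cab", ".iso"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


@dataclass
class Verdict:
    path: str
    bucket: str  # "keep", "exclude" or "scan"
    reason: str


def extensions(name: str) -> list[str]:
    """All dotted suffixes, lower-cased: 'Rechnung.PDF.exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def starts_with_pe_header(path: str) -> bool:
    """Content check: a renamed executable keeps its PE header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return False


def classify_file(path: str) -> Verdict:
    """Decide whether one file may go into the data-only backup."""
    exts = extensions(os.path.basename(path))
    last = exts[-1] if exts else ""
    if last in EXEC_EXT:
        # Explorer hides known extensions by default, so "Rechnung.pdf.exe"
        # is displayed as "Rechnung.pdf"; name the trick in the reason.
        if len(exts) > 1:
            return Verdict(path, "exclude", f"double extension {''.join(exts)} hides an executable")
        return Verdict(path, "exclude", "executable extension")
    if starts_with_pe_header(path):
        return Verdict(path, "exclude", f"PE header (MZ) behind '{last or 'no'}' extension")
    if last in ARCHIVE_EXT:
        return Verdict(path, "scan", "archive: scan from a clean system before restoring")
    return Verdict(path, "keep", "plain data")


def plan_backup(root: str) -> dict[str, list[Verdict]]:
    """Walk the source tree and group every file by bucket."""
    plan: dict[str, list[Verdict]] = {"keep": [], "exclude": [], "scan": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify_file(os.path.join(dirpath, name))
            plan[verdict.bucket].append(verdict)
    return plan


def build_sample_tree(root: str) -> None:
    """Constructed 'Eigene Dateien' content with a few deliberately tricky files."""
    samples = {
        "Urlaub.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # genuine JPEG header
        "Brief.docx": b"PK\x03\x04" + b"\x00" * 16,        # OOXML is a ZIP, still data
        "Rechnung.pdf.exe": b"MZ\x90\x00" + b"\x00" * 16,  # fake invoice, double extension
        "Bild.jpg": b"MZ\x90\x00" + b"\x00" * 16,          # PE renamed to look like a photo
        "Fotos.zip": b"PK\x03\x04" + b"\x00" * 16,         # archive: scan first
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 16,         # ordinary executable
        "README": b"just text",                            # no extension, no PE header
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


def demo() -> dict[str, str]:
    """Run the triage over the constructed tree; returns {file name: bucket}."""
    result: dict[str, str] = {}
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for bucket, verdicts in plan_backup(root).items():
            for v in verdicts:
                result[os.path.basename(v.path)] = bucket
                print(f"{bucket:8} {os.path.basename(v.path):18} {v.reason}")
    return result


if __name__ == "__main__":
    demo()
```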
28.10.2012, 00:46 | #5 |
Hello, thank you very much for the long answer. I'll go through it in detail tomorrow morning. Just one thing briefly... I'm not sure whether it is an encryption trojan ... I had only picked that up somewhere and thought it was the same thing. Just to clarify: I caught the virus that blocks my computer and demands that I pay via Ukash. But as I said, I'll look into it in more depth tomorrow. Thanks so far |
28.10.2012, 05:55 | #6 |
/// Helper Team | If you can open all your data "normally", then it is not encrypted! |
28.10.2012, 21:37 | #7 |
| Der Computer ist für die Verletzung der Gesetze der bundesrepublik Deutschland wurde blockiert Hallo Kira, es tut mir wirklich Leid, dass ich Dich irregeführt habe, indem ich die Bezeichnung "Verschlüsselungstrojaner" verwendet habe. Ich kenne mich überhaupr nicht aus und dazu komme aus Polen. Ich habe diese Bezeichnung in einem Forum gelesen und dachte, so heisst mein Trojaner... nächstes Mal werde ich vorsichtiger mit meiner Wortwahl sein. Ich bin wirklich sehr dankbar, dass du mir hilfst. Ich hoffe, dass nach meinem dummen Fehler machst du das immer noch? Ich weiss es nämlich nicht, ob deine letzten Anleitungen immer noch gültig sind... seitdem du weisst, dass wir nicht mit einem Verschlüsselungstrojaner zu tun haben. Könntest Du mir bitte kurz Bescheid geben, welche Punkte ich ausführen soll? Ich habe heute die Punkte 1 und 2 durchgeführt. Unten poste ich die OTL Logs. Kaspersky TDSSKiller hat keine Threats (0 threats) entdeckt. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: {34EFA911-B536-4C08-BECE-CD5E55C875B0}:1.0 removed from extensions.enabledItems
Prefs.js: "hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6OyqZh1KEM&&i=26&search=" removed from keyword.URL
C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi moved successfully.
C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\MyStart Search.xml moved successfully.
C:\Users\Zaksia\AppData\Roaming\mozilla\firefox\profiles\bi55tgd6.default\searchplugins\sweetim.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 folder moved successfully.
File C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
File C:\Users\Zaksia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Users\Zaksia\AppData\Roaming\hellomoto folder moved successfully.
C:\Users\Zaksia\AppData\Roaming\Xouvp folder moved successfully.
C:\Users\Zaksia\AppData\Roaming\Isgui folder moved successfully.
C:\Users\Zaksia\AppData\Roaming\Emce folder moved successfully.
C:\ProgramData\nud0repor.pad moved successfully.
Folder C:\Users\Zaksia\AppData\Roaming\hellomoto\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Konfiguracja IP systemu Windows
Nie można opróżnić pamięci podręcznej programu rozpoznawania nazw DNS: Niepowodzenie funkcji podczas jej wykonywania.
C:\Users\Zaksia\Desktop\cmd.bat deleted successfully.
C:\Users\Zaksia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Zaksia
->Temp folder emptied: 3415228408 bytes
->Temporary Internet Files folder emptied: 257054727 bytes
->Java cache emptied: 44361 bytes
->FireFox cache emptied: 169014377 bytes
->Google Chrome cache emptied: 6354147 bytes
->Flash cache emptied: 66489 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27739720 bytes
RecycleBin emptied: 142691851 bytes
Total Files Cleaned = 3*832,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10282012_201724
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
standard22 Edited by standard22 (28.10.2012 at 21:58) |
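The OTL fix log above records every registry key, browser preference and file that was changed, moved or not found. When reading such a log, a helper or incident responder mostly wants to know which persistence and hijack locations were touched (Run keys, browser helper objects, IE policy lockdowns, proxy settings, search scopes, drop folders under AppData) and which actions failed. The Python below is an added triage example, not part of this thread and not OTL's own code; its sample lines are constructed after the entries posted above, and the line-format patterns are inferred from those entries rather than taken from any OTL specification:

```python
import re
from collections import Counter

# Constructed sample: a handful of lines shaped after the OTL fix-log entries
# posted in this thread (paths and keys taken from that log).
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\Users\Zaksia\AppData\Roaming\hellomoto folder moved successfully.
Folder C:\Users\Zaksia\AppData\Roaming\hellomoto\ not found.
C:\ProgramData\nud0repor.pad moved successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Use Chrome's Settings page to change the HomePage.
"""

# Line shapes inferred from the posted log (assumption, not an OTL spec).
RE_REG_KEY = re.compile(
    r"^Registry key (?P<key>.+?)\\? (?P<result>deleted successfully|not found)\.$")
RE_REG_VALUE = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) (?P<result>deleted successfully)\.$")
RE_VALUE_SET = re.compile(
    r"^(?P<key>HK[^|]+?)\\\\(?P<name>[^|\\]*)\|(?P<data>\S*) /E : value set successfully!$")
RE_FILE = re.compile(
    r"^(?:File |Folder )?(?P<path>[A-Za-z]:\\.+?)\\?(?: folder)? "
    r"(?P<result>moved successfully|deleted successfully|not found)\.$")
RE_PREFS = re.compile(r'^Prefs\.js: (?P<item>.+) removed from (?P<pref>\S+)$')

# Locations a responder wants called out: autostart, browser add-ons,
# policy lockdowns, proxy, search hijack, and per-user drop folders.
NOTABLE = [
    ("autostart Run value", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("browser helper object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE policy restriction", re.compile(r"\\Policies\\Microsoft\\Internet Explorer\\", re.I)),
    ("proxy setting", re.compile(r"\\Internet Settings\\Proxy", re.I)),
    ("IE search scope", re.compile(r"\\SearchScopes\\", re.I)),
    ("folder in AppData\\Roaming", re.compile(r"\\AppData\\Roaming\\[^\\]+$", re.I)),
]


def parse_line(line):
    """Classify one log line as (kind, target, result); None if unrecognised."""
    m = RE_REG_KEY.match(line)
    if m:
        return ("regkey", m["key"], m["result"])
    m = RE_REG_VALUE.match(line)
    if m:
        return ("regvalue", m["key"] + "\\" + m["name"], m["result"])
    m = RE_VALUE_SET.match(line)
    if m:
        return ("regset", m["key"] + "\\" + m["name"], "set to " + (m["data"] or "<empty>"))
    m = RE_FILE.match(line)
    if m:
        return ("file", m["path"], m["result"])
    m = RE_PREFS.match(line)
    if m:
        return ("prefs", m["pref"], "removed " + m["item"])
    return None


def summarize(log_text):
    """Count actions by (kind, result), flag notable targets, keep unparsed lines."""
    counts = Counter()
    notable = []
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parsed = parse_line(line)
        if parsed is None:
            unparsed.append(line)
            continue
        kind, target, result = parsed
        counts[(kind, result)] += 1
        for label, pattern in NOTABLE:
            if pattern.search(target):
                notable.append((label, target, result))
                break
    return {"counts": dict(counts), "notable": notable, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (kind, result), n in sorted(report["counts"].items()):
        print(f"{n:3d}  {kind:9s} {result}")
    print("\nNotable targets:")
    for label, target, result in report["notable"]:
        print(f"  [{label}] {target} -> {result}")
    print("\nLeft for manual handling:")
    for line in report["unparsed"]:
        print("  " + line)
```

"not found" is kept as its own result rather than folded into "deleted", so the entries that OTL could not act on stay visible; the Chrome lines, which OTL leaves for manual handling in the browser's settings, end up in the unparsed list for the same reason.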
29.10.2012, 11:31 | #8 |
/// Helper Team | The computer has been blocked for violation of the laws of the Federal Republic of Germany As I said, the system should be reinstalled from scratch, but before that please still complete the steps from here (recommended) - continue from point 2:-> http://www.trojaner-board.de/126169-...tml#post946642
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
Topics for The computer has been blocked for violation of the laws of the Federal Republic of Germany |
anti-malware, federal republic, computer, the computer has been blocked for violation of the laws, germany, created, laws, malwarebytes, malwarebytes anti-malware, mode, pup.bundleinstaller.bi, rogue.systemprogressiveprotection, rootkit.0access, shell32.dll, trojan.0access, trojan.fakealert, trojan.lameshield, trojan.ransom.fgen, trojan, violation, violation of the laws, encryption, encryption trojan, windows, windows 7 |