|
Plagegeister aller Art und deren Bekämpfung: Trojaner Ukash BundespolizeiWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.10.2012, 17:17 | #1 |
| Trojaner Ukash Bundespolizei Hallo, ich brauche dringend Hilfe. Meine Seite funktioniet nicht mehr seitdem ich die Meldung darüber erhalten habe, dass mein Pc durch die Bundespolizei gesperrt worden ist. Seitdem geht fast gar nichts mehr! Ich bedanke mich schon jetzt recht herzlichst: Scanlog: Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.27.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Pandito :: SHERLY-NOTEBOOK [Administrator] Schutz: Aktiviert 27.10.2012 13:45:48 mbam-log-2012-10-27 (13-45-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 486896 Laufzeit: 4 Stunde(n), 23 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> 3256 -> Löschen bei Neustart. Infizierte Speichermodule: 1 C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 24 HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Daten: C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 17 C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Keine Aktion durchgeführt. C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Löschen bei Neustart. C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Löschen bei Neustart. C:\Users\Pandito\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TMDAA92\readme[1].exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pandito.Sherly-Notebook\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LQ728Z9E\lnsXbN[1] (Backdoor.Bot.citdl) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pandito.Sherly-Notebook\AppData\Local\Temp\tmp07d549b8\movflurs.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\schidil wisa män\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R8G0EAO9\readme[1].exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Pandito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\schidil wisa män\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Löschen bei Neustart. C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) bin dabei die weiteren Schritte durchzugehen...dauert nur ein wenig länger OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.10.2012 18:33:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pandito.Sherly-Notebook\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,49% Memory free 4,22 Gb Paging File | 2,50 Gb Available in Paging File | 59,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,38 Gb Total Space | 95,02 Gb Free Space | 41,07% Space Free | Partition Type: NTFS Computer Name: SHERLY-NOTEBOOK | User Name: Pandito | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.27 18:32:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pandito.Sherly-Notebook\Downloads\OTL.exe PRC - [2012.10.19 22:19:24 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.09 00:56:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.10 13:09:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 13:09:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.10 13:09:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe PRC - [2012.01.21 17:36:54 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe PRC - [2011.12.08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.01.05 10:35:54 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2009.11.06 13:03:46 | 000,033,280 | ---- | M] (Palm) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.09.23 16:17:44 | 000,251,184 | ---- | M] (BIT LEADER) -- C:\Programme\lg_swupdate\GiljabiStart.exe PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.07.25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe PRC - [2007.07.25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe PRC - [2007.07.25 17:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe PRC - [2007.07.20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2007.07.20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe PRC - [2006.10.24 23:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe PRC - [2006.10.24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2006.09.20 19:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.10.19 22:19:20 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.06.16 09:34:52 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll MOD - [2012.06.16 09:28:28 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.16 09:28:15 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.12 16:46:08 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.12 16:44:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.12 16:44:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.12 16:43:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll MOD - [2012.05.12 16:42:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.12 16:40:15 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.12 16:40:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.03.30 06:42:13 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:12 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.07.25 17:13:54 | 000,098,064 | ---- | M] () -- C:\Programme\Logitech\QuickCam\LAppRes.DLL MOD - [2007.07.25 17:06:30 | 002,027,792 | ---- | M] () -- C:\Programme\Logitech\QuickCam\Quickcam.exe MOD - [2007.07.25 17:04:38 | 000,149,264 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll MOD - [2007.07.25 17:04:14 | 000,165,136 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless4001.dll MOD - [2007.07.25 17:04:02 | 000,138,000 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\LogiCordless.dll MOD - [2007.07.25 17:03:18 | 000,167,184 | ---- | M] () -- C:\Programme\Logitech\QuickCam\EFVal.dll MOD - [2007.07.25 17:02:54 | 000,563,984 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe MOD - [2007.07.25 17:02:54 | 000,343,312 | ---- | M] () -- C:\Programme\Common Files\logishrd\LComMgr\DevMngr.dll MOD - [2007.07.20 01:39:16 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll MOD - [2007.02.06 14:00:00 | 000,009,728 | ---- | M] () -- C:\Programme\lg_swupdate\AxInterop.InetCtlsObjects.dll ========== Services (SafeList) ========== SRV - [2012.10.19 22:19:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.08 22:18:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 13:09:35 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 13:09:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2012.01.21 17:36:54 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.01.05 10:35:54 | 000,602,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.11.06 13:03:46 | 000,033,280 | ---- | M] (Palm) [Auto | Running] -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD) SRV - [2008.09.23 16:49:13 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2007.07.20 01:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007.07.20 01:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007.07.20 01:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2006.10.27 01:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Norton AntiVirus\isPwdSvc.exe -- (ISPwdSvc) SRV - [2006.10.24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex) SRV - [2006.10.24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2006.10.24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2006.10.24 23:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2006.09.20 19:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore) SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator) SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.10 13:09:35 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.10 13:09:35 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.01.21 17:37:49 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2012.01.05 01:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) DRV - [2011.10.27 03:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011.10.27 03:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.01.05 10:35:54 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2010.08.04 23:41:04 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.08.03 20:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symndisv.sys -- (SYMNDISV) DRV - [2009.08.03 20:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI) DRV - [2009.08.03 20:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symfw.sys -- (SYMFW) DRV - [2009.08.03 20:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symids.sys -- (SYMIDS) DRV - [2009.08.03 20:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV) DRV - [2009.08.03 20:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symdns.sys -- (SYMDNS) DRV - [2009.04.16 17:45:25 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008.09.17 10:57:04 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2008.09.17 10:57:04 | 000,099,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2008.02.06 16:12:24 | 000,197,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService) DRV - [2007.07.20 01:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007.07.20 01:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007.07.19 02:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2007.07.19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.07.19 02:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.18 18:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007.01.30 14:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = LG IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = LG IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = LG IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.19 22:19:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.19 22:19:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.19 22:19:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.19 22:19:01 | 000,000,000 | ---D | M] [2012.09.03 19:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\Extensions [2012.10.23 17:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\Firefox\Profiles\xlkuak1l.default\extensions [2012.09.03 21:21:39 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\firefox\profiles\xlkuak1l.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.10.19 22:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.19 22:18:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.19 22:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.19 22:18:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.19 22:19:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 10:35:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.09.17 08:46:10 | 000,331,192 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 全讯网,åšå½©ä¼˜æƒ*,皇å†*æ*£ç½‘cr67com,皇å†*比分,皇å†*å³æ—¶æŒ‡æ•°,太阳城代ç†112scg,tt娱ä¹åŸŽ8bc8,网上真钱娱 O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11345 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [uxyto.exe] C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Taecp\uxyto.exe File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224341952 (Image Uploader Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20B93560-8496-437E-B70F-F6360DFDCC79}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.27 13:42:52 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Malwarebytes [2012.10.27 13:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.27 13:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.27 13:42:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.27 13:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.19 22:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.18 00:52:54 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kendrick Lamar - good kid maad city (deluxe) [2012.10.15 17:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.30 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Taecp [2012.09.30 16:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Mariac [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.27 18:29:54 | 000,000,000 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\defogger_reenable [2012.10.27 18:21:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 18:21:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 18:21:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.27 18:21:07 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2012.10.27 18:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.27 18:10:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1001UA.job [2012.10.27 16:53:00 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1000UA.job [2012.10.27 13:42:42 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 22:53:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1000Core.job [2012.10.26 21:10:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1001Core.job [2012.10.26 16:20:57 | 000,088,406 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\0050e7ca956111e18bb812313804a181_7.jpg [2012.10.25 11:02:43 | 000,293,843 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mb2bdg48X41qlujc9o1_500.jpg [2012.10.25 10:42:06 | 000,227,100 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mcfdbyoeG41qcwdu2o1_500.jpg [2012.10.24 21:25:51 | 000,402,862 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m2u3b3t1M71qkkonqo1_500.png [2012.10.24 21:19:50 | 000,112,872 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mces4rQFhn1rn2s32o1_1280.jpg [2012.10.24 14:20:45 | 000,419,140 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m9rxpaG6Xj1rfy3yoo1_500.jpg [2012.10.19 09:23:52 | 000,004,608 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.18 21:53:49 | 000,027,621 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Documents\28709_103646766347492_2613034_n.jpg [2012.10.18 00:52:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.18 00:52:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.18 00:52:07 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.18 00:52:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.09 20:22:26 | 001,221,459 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4 [2012.10.09 11:21:22 | 000,908,830 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\2012-10-09 12.36.55.jpg [2012.10.07 14:54:16 | 000,035,232 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\versace-for-h-and-m-leather-studded-jacket-profile.jpg [2012.10.06 14:36:39 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.03 14:48:32 | 000,001,465 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kündigung.rtf [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.28 13:00:11 | 001,909,379 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7570.JPG [2012.09.28 12:59:57 | 001,497,755 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7560.JPG [2012.09.28 12:59:54 | 002,008,076 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7566.JPG [2012.09.28 12:59:36 | 001,338,733 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7579.JPG [2012.09.28 12:59:31 | 001,985,474 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7562.JPG [2012.09.28 12:22:51 | 001,204,775 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7559.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.27 18:29:54 | 000,000,000 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\defogger_reenable [2012.10.27 13:42:42 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 16:20:52 | 000,088,406 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\0050e7ca956111e18bb812313804a181_7.jpg [2012.10.25 11:02:42 | 000,293,843 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mb2bdg48X41qlujc9o1_500.jpg [2012.10.25 10:42:06 | 000,227,100 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mcfdbyoeG41qcwdu2o1_500.jpg [2012.10.24 21:25:50 | 000,402,862 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m2u3b3t1M71qkkonqo1_500.png [2012.10.24 21:19:49 | 000,112,872 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mces4rQFhn1rn2s32o1_1280.jpg [2012.10.24 14:20:44 | 000,419,140 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m9rxpaG6Xj1rfy3yoo1_500.jpg [2012.10.18 21:53:48 | 000,027,621 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Documents\28709_103646766347492_2613034_n.jpg [2012.10.09 20:22:01 | 001,221,459 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4 [2012.10.09 20:22:00 | 000,908,830 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\2012-10-09 12.36.55.jpg [2012.10.07 14:54:15 | 000,035,232 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\versace-for-h-and-m-leather-studded-jacket-profile.jpg [2012.10.06 14:35:20 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.10.06 14:35:20 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.03 14:48:32 | 000,001,465 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kündigung.rtf [2012.09.30 04:47:30 | 000,004,608 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.28 12:56:42 | 001,338,733 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7579.JPG [2012.09.28 12:56:39 | 001,909,379 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7570.JPG [2012.09.28 12:56:38 | 002,008,076 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7566.JPG [2012.09.28 12:56:37 | 001,985,474 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7562.JPG [2012.09.28 12:56:36 | 001,497,755 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7560.JPG [2012.09.28 12:56:36 | 001,204,775 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\IMG_7559.JPG [2012.08.31 12:18:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.01.12 16:13:33 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.10.31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.10.14 11:24:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.09.14 17:54:49 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2008.11.26 00:01:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.05 02:23:15 | 000,000,000 | ---D | M] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Mariac [2012.09.25 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\OpenOffice.org [2012.10.05 01:58:28 | 000,000,000 | ---D | M] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Taecp ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4:TOC.WMV < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.10.2012 18:33:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pandito.Sherly-Notebook\Downloads Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,61 Gb Available Physical Memory | 30,49% Memory free 4,22 Gb Paging File | 2,50 Gb Available in Paging File | 59,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,38 Gb Total Space | 95,02 Gb Free Space | 41,07% Space Free | Partition Type: NTFS Computer Name: SHERLY-NOTEBOOK | User Name: Pandito | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{741DEC80-24A1-40D6-B9CB-CA1A353409C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D8C8D6C3-DA89-4793-9EB1-04241E514C1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{ED35DEC4-6A1F-4702-8DFA-7B3042371D46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FBBF46BE-2B76-475B-B28F-0554ED425A6E}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FDA2838-76B6-42D1-B466-66B83A8BCEA2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{1ABC6F61-C3E3-4653-B5E5-CC8DFF40EF23}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{28865C62-9E26-4064-9942-1ADD717B6BEC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{3DDBE938-02EF-48F9-A84B-BF5FF1CBE401}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{67E4C212-5C5B-4EC8-B936-D41C08536D24}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{68846423-F94E-44EF-B445-CD1AC1B87656}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BF0941A-4F6C-418F-838B-B2FF93961637}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACBBB2C5-61B2-4D08-B8EB-6B05F22D4D4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{CD443F66-C283-4412-8976-5500C54C34CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{D5DE42CE-EB6E-4B26-ADB2-865428D222B7}" = dir=in | app=c:\users\schidil wisa män\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{E18C96F1-367D-4BBD-B049-5BB20E329CC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{0E73033C-C609-4DE1-8E41-63898A0F561E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{69180E2D-317F-48CF-93D4-B3664126E572}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{87CB1787-BDB5-4C3C-B730-26E814804676}C:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{B8B78552-829F-4C29-BE9C-0C82FE547D29}D:\kaspersky\setup.exe" = protocol=6 | dir=in | app=d:\kaspersky\setup.exe | "TCP Query User{BCB1174B-6E1F-490E-89FB-64318BD05732}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{332D9CF9-D16F-4C5D-9DF7-E4B7CDAA2677}C:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{36289CEA-EC6A-40A4-AD3E-9EE41FF1F732}D:\kaspersky\setup.exe" = protocol=17 | dir=in | app=d:\kaspersky\setup.exe | "UDP Query User{4A82354E-6A76-47F9-8667-D4F28EC526E3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{85ED5F89-6AA8-4E75-B3F6-140B4E63295D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{C407AE54-695B-487E-A544-9413BB44E554}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{278ED6CF-BDD7-4EFC-B66E-1FDE53A88512}" = SymNet "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BF4BFFC-FE9B-A2D2-0AFE-BB91361DE7B6}" = SocialBro "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE67883D-6A00-4E71-9139-3310EE07C521}" = Facebook Messenger 2.1.4623.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}" = Cisco AnyConnect VPN Client "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_QPBVENZM" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.socialbro.air" = SocialBro "Digital Image Recovery_is1" = Digital Image Recovery 1.47 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "doubleTwist" = doubleTwist "Easy GIF Animator_is1" = Easy GIF Animator 5.21 "Emicsoft DVD Ripper_is1" = Emicsoft DVD Ripper "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0 "EzManual" = EzManual "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "foobar2000" = foobar2000 v1.1.8 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.908 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "QcDrv" = Logitech® Camera-Treiber "SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.10.2012 04:43:45 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:43:45 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:44:12 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:44:12 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:44:13 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:44:13 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 14.10.2012 04:44:13 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 24.10.2012 09:15:45 | Computer Name = Sherly-Notebook | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung firefox.exe, Version 16.0.1.4666, Zeitstempel 0x5076192e, fehlerhaftes Modul xul.dll, Version 16.0.1.4666, Zeitstempel 0x50761893, Ausnahmecode 0xc0000005, Fehleroffset 0x000be717, Prozess-ID 0x9d8, Anwendungsstartzeit 01cdb1d923ebb679. Error - 26.10.2012 08:40:06 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 26.10.2012 08:40:06 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = [ Cisco AnyConnect VPN Client Events ] Error - 27.10.2012 12:24:10 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp Line: 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:10 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:10 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:10 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 27.10.2012 12:24:18 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target [ System Events ] Error - 27.10.2012 12:14:17 | Computer Name = Sherly-Notebook | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "\Device\HarddiskVolume2" aus. Error - 27.10.2012 12:19:42 | Computer Name = Sherly-Notebook | Source = DCOM | ID = 10010 Description = Error - 27.10.2012 12:22:16 | Computer Name = Sherly-Notebook | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. Error - 27.10.2012 12:22:16 | Computer Name = Sherly-Notebook | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie chkdsk auf Volume "C:" aus. Error - 27.10.2012 12:23:04 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7011 Description = Error - 27.10.2012 12:23:04 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 27.10.2012 12:24:56 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7009 Description = Error - 27.10.2012 12:29:04 | Computer Name = Sherly-Notebook | Source = DCOM | ID = 10005 Description = Error - 27.10.2012 12:29:04 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7009 Description = Error - 27.10.2012 12:29:04 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7000 Description = < End of report > |
27.10.2012, 22:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash Bundespolizei 1. aswMBR
__________________Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ |
28.10.2012, 14:59 | #3 |
| Trojaner Ukash Bundespolizei x86 basierter- PC = 32bit System = Gmer anwenden ---> da stürzt mein pc immer ab
__________________aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-28 15:10:31 ----------------------------- 15:10:31.458 OS Version: Windows 6.0.6002 Service Pack 2 15:10:31.458 Number of processors: 2 586 0xF0D 15:10:31.458 ComputerName: SHERLY-NOTEBOOK UserName: Pandito 15:10:32.722 Initialize success 15:10:42.125 AVAST engine defs: 12102800 15:10:45.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 15:10:45.650 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3 15:10:45.681 Disk 0 MBR read successfully 15:10:45.681 Disk 0 MBR scan 15:10:45.697 Disk 0 Windows VISTA default MBR code 15:10:45.697 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1536 MB offset 2048 15:10:45.728 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236938 MB offset 3147776 15:10:45.728 Disk 0 scanning sectors +488396800 15:10:45.853 Disk 0 scanning C:\Windows\system32\drivers 15:11:09.208 Service scanning 15:11:55.014 Modules scanning 15:12:04.140 Disk 0 trace - called modules: 15:12:04.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 15:12:04.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8677aac8] 15:12:04.187 3 CLASSPNP.SYS[8879f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85616028] 15:12:05.513 AVAST engine scan C:\Windows 15:12:09.070 AVAST engine scan C:\Windows\system32 15:16:20.133 AVAST engine scan C:\Windows\system32\drivers 15:16:38.091 AVAST engine scan C:\Users\Pandito.Sherly-Notebook 15:19:20.822 Disk 0 MBR has been saved successfully to "C:\Users\Pandito.Sherly-Notebook\Desktop\MBR.dat" 15:19:20.838 The log file has been saved successfully to "C:\Users\Pandito.Sherly-Notebook\Desktop\aswMBR.txt" |
28.10.2012, 15:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash Bundespolizei Was ist mit dem Log vom tdsskiller?
__________________ Logfiles bitte immer in CODE-Tags posten |
28.10.2012, 15:34 | #5 |
| Trojaner Ukash Bundespolizei ja bin dabei |
28.10.2012, 16:02 | #6 |
| Trojaner Ukash Bundespolizei winzp/rar wollte nicht so wie ich wollte! soo jetzt aber |
28.10.2012, 16:15 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash Bundespolizei Die Logs sind ok Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten |
28.10.2012, 19:46 | #8 |
| Trojaner Ukash Bundespolizei OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 18:24:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pandito.Sherly-Notebook\Desktop\trojaner board Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,98% Memory free 4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,38 Gb Total Space | 97,11 Gb Free Space | 41,97% Space Free | Partition Type: NTFS Computer Name: SHERLY-NOTEBOOK | User Name: Pandito | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2840146642-603267185-3502564834-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{741DEC80-24A1-40D6-B9CB-CA1A353409C3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D8C8D6C3-DA89-4793-9EB1-04241E514C1B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{ED35DEC4-6A1F-4702-8DFA-7B3042371D46}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FBBF46BE-2B76-475B-B28F-0554ED425A6E}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FDA2838-76B6-42D1-B466-66B83A8BCEA2}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{1ABC6F61-C3E3-4653-B5E5-CC8DFF40EF23}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{28865C62-9E26-4064-9942-1ADD717B6BEC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{3DDBE938-02EF-48F9-A84B-BF5FF1CBE401}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{67E4C212-5C5B-4EC8-B936-D41C08536D24}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{68846423-F94E-44EF-B445-CD1AC1B87656}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7BF0941A-4F6C-418F-838B-B2FF93961637}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ACBBB2C5-61B2-4D08-B8EB-6B05F22D4D4D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{CD443F66-C283-4412-8976-5500C54C34CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{D5DE42CE-EB6E-4B26-ADB2-865428D222B7}" = dir=in | app=c:\users\schidil wisa män\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{E18C96F1-367D-4BBD-B049-5BB20E329CC0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{0E73033C-C609-4DE1-8E41-63898A0F561E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{69180E2D-317F-48CF-93D4-B3664126E572}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{87CB1787-BDB5-4C3C-B730-26E814804676}C:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe | "TCP Query User{B8B78552-829F-4C29-BE9C-0C82FE547D29}D:\kaspersky\setup.exe" = protocol=6 | dir=in | app=d:\kaspersky\setup.exe | "TCP Query User{BCB1174B-6E1F-490E-89FB-64318BD05732}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{332D9CF9-D16F-4C5D-9DF7-E4B7CDAA2677}C:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\pandito\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{36289CEA-EC6A-40A4-AD3E-9EE41FF1F732}D:\kaspersky\setup.exe" = protocol=17 | dir=in | app=d:\kaspersky\setup.exe | "UDP Query User{4A82354E-6A76-47F9-8667-D4F28EC526E3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{85ED5F89-6AA8-4E75-B3F6-140B4E63295D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{C407AE54-695B-487E-A544-9413BB44E554}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{278ED6CF-BDD7-4EFC-B66E-1FDE53A88512}" = SymNet "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BF4BFFC-FE9B-A2D2-0AFE-BB91361DE7B6}" = SocialBro "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE67883D-6A00-4E71-9139-3310EE07C521}" = Facebook Messenger 2.1.4623.0 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4C6DD02-8ACA-4354-BA36-9FFC3B767E73}" = Cisco AnyConnect VPN Client "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_QPBVENZM" = HDAUDIO Soft Data Fax Modem with SmartCP "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.socialbro.air" = SocialBro "Digital Image Recovery_is1" = Digital Image Recovery 1.47 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "doubleTwist" = doubleTwist "Easy GIF Animator_is1" = Easy GIF Animator 5.21 "Emicsoft DVD Ripper_is1" = Emicsoft DVD Ripper "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0 "EzManual" = EzManual "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "foobar2000" = foobar2000 v1.1.8 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.13.908 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{E2A36CC2-531D-4BD7-BB75-69F51CB31305}" = PC VGA Camera "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Messenger Plus!" = Messenger Plus! 5 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "QcDrv" = Logitech® Camera-Treiber "SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "WinGimp-2.0_is1" = GIMP 2.6.12 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.10.2012 16:23:06 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:18:36 | Computer Name = Sherly-Notebook | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Informationsebene: error Initialisierung des COM-Subsystems fehlgeschlagen. Fehlercode: 0x80080005 Error - 28.10.2012 13:21:55 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:56 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:56 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:56 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:56 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:57 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:21:57 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = Error - 28.10.2012 13:24:07 | Computer Name = Sherly-Notebook | Source = Windows Search Service | ID = 3013 Description = [ Cisco AnyConnect VPN Client Events ] Error - 28.10.2012 13:15:41 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp Line: 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:41 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:41 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:41 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp Line: 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp Line: 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp Line: 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp Line: 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target Error - 28.10.2012 13:15:49 | Computer Name = Sherly-Notebook | Source = vpnagent | ID = 67108866 Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target [ System Events ] Error - 27.10.2012 15:25:03 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7011 Description = Error - 27.10.2012 19:39:51 | Computer Name = Sherly-Notebook | Source = DCOM | ID = 10010 Description = Error - 28.10.2012 03:17:20 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 28.10.2012 03:17:20 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7011 Description = Error - 28.10.2012 03:22:01 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7022 Description = Error - 28.10.2012 13:12:41 | Computer Name = Sherly-Notebook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 28.10.2012 um 16:19:41 unerwartet heruntergefahren. Error - 28.10.2012 13:13:51 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7000 Description = Error - 28.10.2012 13:13:51 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7011 Description = Error - 28.10.2012 13:18:36 | Computer Name = Sherly-Notebook | Source = DCOM | ID = 10010 Description = Error - 28.10.2012 13:19:33 | Computer Name = Sherly-Notebook | Source = Service Control Manager | ID = 7022 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.10.2012 18:24:35 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pandito.Sherly-Notebook\Desktop\trojaner board Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 45,98% Memory free 4,22 Gb Paging File | 2,89 Gb Available in Paging File | 68,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,38 Gb Total Space | 97,11 Gb Free Space | 41,97% Space Free | Partition Type: NTFS Computer Name: SHERLY-NOTEBOOK | User Name: Pandito | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Pandito.Sherly-Notebook\Desktop\trojaner board\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\lg_swupdate\GiljabiStart.exe (BIT LEADER) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe () PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) PRC - C:\Windows\System32\PAStiSvc.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Logitech\QuickCam\LAppRes.DLL () MOD - C:\Programme\Logitech\QuickCam\Quickcam.exe () MOD - C:\Programme\Common Files\logishrd\LComMgr\LogiVOIPDevicePlugin.dll () MOD - C:\Programme\Common Files\logishrd\LComMgr\LogiCordless4001.dll () MOD - C:\Programme\Common Files\logishrd\LComMgr\LogiCordless.dll () MOD - C:\Programme\Logitech\QuickCam\EFVal.dll () MOD - C:\Programme\Common Files\logishrd\LComMgr\Communications_Helper.exe () MOD - C:\Programme\Common Files\logishrd\LComMgr\DevMngr.dll () MOD - C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll () MOD - C:\Programme\lg_swupdate\AxInterop.InetCtlsObjects.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (NovacomD) -- C:\Programme\Palm, Inc\novacom\x86\novacomd.exe (Palm) SRV - (Symantec Core LC) -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (ISPwdSvc) -- C:\Programme\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation) SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (ssudobex) -- C:\Windows\System32\drivers\ssudobex.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation) DRV - (SYMIDS) -- C:\Windows\System32\drivers\symids.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (CnxtHdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2840146642-603267185-3502564834-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lge.com IE - HKU\S-1-5-21-2840146642-603267185-3502564834-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lge.com IE - HKU\S-1-5-21-2840146642-603267185-3502564834-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2840146642-603267185-3502564834-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.1.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:12:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:12:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:12:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:12:29 | 000,000,000 | ---D | M] [2012.09.03 18:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\Extensions [2012.10.23 16:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\Firefox\Profiles\xlkuak1l.default\extensions [2012.09.03 20:21:39 | 000,061,705 | ---- | M] () (No name found) -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\mozilla\firefox\profiles\xlkuak1l.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2012.10.27 22:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 22:12:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.10.27 22:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.27 22:12:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.27 22:12:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 09:35:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.09.17 07:46:10 | 000,331,192 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11345 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2840146642-603267185-3502564834-1002..\Run: [uxyto.exe] C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Taecp\uxyto.exe File not found O4 - HKU\S-1-5-21-2840146642-603267185-3502564834-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\schidil wisa män\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1224341952 (Image Uploader Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20B93560-8496-437E-B70F-F6360DFDCC79}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /r \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.28 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\Desktop\trojaner board [2012.10.27 22:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.27 12:42:52 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Malwarebytes [2012.10.27 12:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.27 12:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.27 12:42:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.27 12:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.18 09:49:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.18 09:49:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.18 09:49:37 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.17 23:52:54 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kendrick Lamar - good kid maad city (deluxe) [2012.10.15 16:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.10 21:09:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 21:08:26 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 21:08:26 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.09.30 15:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Taecp [2012.09.30 15:14:53 | 000,000,000 | ---D | C] -- C:\Users\Pandito.Sherly-Notebook\AppData\Roaming\Mariac [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.28 18:21:18 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.28 18:21:18 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.28 18:21:18 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.28 18:21:18 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.28 18:18:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 18:12:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 18:12:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 18:12:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 18:12:26 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2012.10.28 15:10:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1001UA.job [2012.10.28 13:53:00 | 000,001,182 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1000UA.job [2012.10.27 21:53:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1000Core.job [2012.10.27 18:16:20 | 223,492,338 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.27 17:29:54 | 000,000,000 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\defogger_reenable [2012.10.26 20:10:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2840146642-603267185-3502564834-1001Core.job [2012.10.26 15:20:57 | 000,088,406 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\0050e7ca956111e18bb812313804a181_7.jpg [2012.10.25 10:02:43 | 000,293,843 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mb2bdg48X41qlujc9o1_500.jpg [2012.10.25 09:42:06 | 000,227,100 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mcfdbyoeG41qcwdu2o1_500.jpg [2012.10.24 20:25:51 | 000,402,862 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m2u3b3t1M71qkkonqo1_500.png [2012.10.24 20:19:50 | 000,112,872 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mces4rQFhn1rn2s32o1_1280.jpg [2012.10.24 13:20:45 | 000,419,140 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m9rxpaG6Xj1rfy3yoo1_500.jpg [2012.10.19 08:23:52 | 000,004,608 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.18 20:53:49 | 000,027,621 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Documents\28709_103646766347492_2613034_n.jpg [2012.10.15 16:22:22 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2012.10.15 16:22:22 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.10.09 19:22:26 | 001,221,459 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4 [2012.10.09 10:21:22 | 000,908,830 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\2012-10-09 12.36.55.jpg [2012.10.08 21:18:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.08 21:18:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.07 13:54:16 | 000,035,232 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\versace-for-h-and-m-leather-studded-jacket-profile.jpg [2012.10.06 13:36:39 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.03 13:48:32 | 000,001,465 | ---- | M] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kündigung.rtf [2012.09.29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.27 17:29:54 | 000,000,000 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\defogger_reenable [2012.10.26 15:20:52 | 000,088,406 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\0050e7ca956111e18bb812313804a181_7.jpg [2012.10.25 10:02:42 | 000,293,843 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mb2bdg48X41qlujc9o1_500.jpg [2012.10.25 09:42:06 | 000,227,100 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mcfdbyoeG41qcwdu2o1_500.jpg [2012.10.24 20:25:50 | 000,402,862 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m2u3b3t1M71qkkonqo1_500.png [2012.10.24 20:19:49 | 000,112,872 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_mces4rQFhn1rn2s32o1_1280.jpg [2012.10.24 13:20:44 | 000,419,140 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\tumblr_m9rxpaG6Xj1rfy3yoo1_500.jpg [2012.10.18 20:53:48 | 000,027,621 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Documents\28709_103646766347492_2613034_n.jpg [2012.10.09 19:22:01 | 001,221,459 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4 [2012.10.09 19:22:00 | 000,908,830 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\2012-10-09 12.36.55.jpg [2012.10.07 13:54:15 | 000,035,232 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\versace-for-h-and-m-leather-studded-jacket-profile.jpg [2012.10.06 13:35:20 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.10.06 13:35:20 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.03 13:48:32 | 000,001,465 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\Desktop\Kündigung.rtf [2012.09.30 03:47:30 | 000,004,608 | ---- | C] () -- C:\Users\Pandito.Sherly-Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.31 11:18:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.01.12 15:13:33 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2011.10.31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.10.14 10:24:03 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.09.14 16:54:49 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2008.11.25 23:01:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Pandito.Sherly-Notebook\Desktop\video-2012-10-09-14-27-41.mp4:TOC.WMV < End of report > |
29.10.2012, 11:31 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash BundespolizeiCode:
ATTFilter Windows Vista Business Edition Service Pack 2 Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2012, 20:48 | #10 |
| Trojaner Ukash Bundespolizei ne ist n normaler laptop und vista busines war vorinstalliert |
31.10.2012, 16:24 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash Bundespolizei Das beantwortet nicht wirklich meine Frage Die Frage war nach der dem Nutzungsprofil - und ein Vista Business ist auf den gängigsten Notebooks nicht vorinstalliert
__________________ Logfiles bitte immer in CODE-Tags posten |
31.10.2012, 22:49 | #12 |
| Trojaner Ukash Bundespolizei Leider verstehe ich deine frage nicht. Das ist ein rein privat genutzer Laptop, den ich gekauft habe und dieses Betriebssystem war schon vorinstalliert |
01.11.2012, 14:28 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash BundespolizeiZitat:
Reine private Nutzung <=> Business Edition Merkst du das, dass die Edition eher unpassend ist? Die Business Edition wurde für Firmenbetrieb bzw. Domänrechner konzipiert und vorinstalliert trifft man diese Edition wohl eher nicht auf den Rechnern im nächsten Billigdiscounter Wer hat dir das installiert woher hast du das Gerät?
__________________ Logfiles bitte immer in CODE-Tags posten |
04.11.2012, 18:50 | #14 |
| Trojaner Ukash Bundespolizei ooook?! der ist bei amazon bestellt worden! |
05.11.2012, 12:24 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Ukash Bundespolizei Wenn du meinst Ich halte aber eine BusinessEdition für Heimanwender für ziemlich fragwürdig, aber nun gut Code:
ATTFilter PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH) Bitte sowas unbedingt sein lassen, Emsisoft und AntiVir werden sich irgendwann in die Quere kommen. Verwende immer nur einen Virenscanner mit Hintergrundwächter und nicht mehr! Wenn du dir zusätzliche "Meinungen" einholen willst, dann verwende Malwarebytes Free oder den Online Scanner von ESET. Ich würde dir empfehlen, beide zu deinstallieren und dann Avast zu verwenden.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Trojaner Ukash Bundespolizei |
.dll, administrator, anti-malware, appdata, autostart, backdoor.bot.citdl, dateien, dringend, emsisoft, explorer, gelöscht, gesperrt, install.exe, löschen, meldung, microsoft, plug-in, pup.blabbers, recycle.bin, roaming, safer networking, software, speicher, trojan.agent, trojan.fakems, trojan.ransom.gen, trojan.spyeyes, trojaner, uninstall.exe, usb 2.0 |