Pests of all kinds and how to fight them: Redirect to wrong pages in Google search results (Windows 7)
16.11.2012, 21:46 | #1 |
Redirect to wrong pages in Google search results

I now have this problem on my Windows Vista: when I click on a page in the Google search results, a different one always appears, and this happens several times in a row. It all started when my antivirus (Panda Cloud) suddenly kept deactivating itself. Every time I clicked on "activate virus protection", it deactivated itself again after a short while. Shortly afterwards my laptop switched off, and when I started it again none of my files were visible any more; the programs, the icons, everything in the Start menu was gone. I then did a system restore in Safe Mode and was able to make the hidden files visible again. A few days later a message from a BKA trojan appeared; I got rid of the file in question with a full scan with Panda Cloud and Malwarebytes. A few files were encrypted, including the ones on the USB stick. Does this trojan also spread to external hard drives and other storage media? Now only the problem with the redirect remains, and my laptop runs and loads more slowly since the incident. I would be very grateful for any help. ^^

From defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:06 on 16/11/2012 (t.dung)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL:
Code:
OTL logfile created on: 16.11.2012 19:31:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,44% Memory free
6,19 Gb Paging File | 4,83 Gb Available in Paging File | 78,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 116,89 Gb Free Space | 40,54% Space Free | Partition Type: NTFS

Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.16 19:07:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.29 10:32:12 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.08.29 11:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.13 06:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 06:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.)
-- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe PRC - [2012.07.13 05:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe PRC - [2012.03.19 09:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.04.15 15:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe PRC - [2009.04.15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe PRC - [2009.04.15 15:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.18 09:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe PRC - [2009.03.09 23:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe PRC - [2009.03.09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe PRC - [2009.02.19 04:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.11.06 04:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe PRC - [2008.10.17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2007.01.25 02:52:26 | 000,065,536 | ---- | M] () -- C:\Programme\Common Files\NMSAccessU.exe ========== Modules (No Company Name) ========== MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2009.03.01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Programme\VideoWebCamera\Utility.dll MOD - [2009.02.01 21:28:14 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Services (SafeList) ========== SRV - [2012.11.16 18:47:41 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- 
(Akamai) SRV - [2012.10.09 19:25:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.06 02:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.29 11:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.13 06:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService) SRV - [2012.07.13 05:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic) SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.18 19:33:23 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.09.30 15:58:02 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.04.15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.03.25 18:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.03.09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) 
[Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2007.01.25 02:52:26 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva358.sys -- (XDva358) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva354.sys -- (XDva354) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva352.sys -- (XDva352) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva346.sys -- (XDva346) DRV - File not found 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva343.sys -- (XDva343) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva341.sys -- (XDva341) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva332.sys -- (XDva332) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT) DRV - [2012.07.13 06:01:51 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2012.07.13 06:01:50 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2012.07.13 06:01:50 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2012.07.13 06:01:16 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2012.07.13 06:01:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2012.07.12 10:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM) DRV - [2012.06.27 14:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC) DRV - [2012.06.27 14:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT) DRV - [2012.06.27 14:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV) DRV - [2012.06.27 14:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP) DRV - [2012.06.27 14:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3) DRV - [2012.06.27 14:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW) DRV - [2012.06.27 14:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS) DRV - [2012.06.27 14:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC) DRV - [2012.06.27 14:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL) DRV - [2012.06.27 14:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP) DRV - [2012.06.27 14:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC) DRV - [2012.02.15 21:51:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.03.10 17:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD) DRV - [2010.12.07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010.12.07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010.12.07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010.12.07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010.08.02 15:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb) DRV - [2010.06.23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.03.17 19:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2009.02.10 14:01:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.01.22 23:43:54 | 000,052,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.12.29 18:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2008.09.04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {860F2751-420C-4F95-8B0B-07D986B0125A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms} IE - HKCU\..\SearchScopes\{539C11B5-7A97-4A07-8468-073E6EAAFFB9}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKCU\..\SearchScopes\{860F2751-420C-4F95-8B0B-07D986B0125A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE342DE342 IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search IE - HKCU\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = 
hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:3.0 FF - prefs.js..extensions.enabledAddons: {45d8ff86-d909-11db-9705-005056c00008}:1.1.0 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: firefoxhelper@mozilla.org:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\t.dung\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.08 14:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.29 10:31:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.29 10:33:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\t.dung\Program Files\DNA [2012.09.07 08:47:25 | 000,000,000 | ---D | M] [2009.08.28 18:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Extensions [2012.05.07 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\illimitux@illimitux.net [2012.05.07 15:27:09 | 000,060,243 | -H-- | M] () (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2010.06.01 13:04:51 | 000,002,252 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\askcom.xml [2009.11.24 19:31:04 | 000,002,163 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\bing.xml 
[2010.04.21 19:07:06 | 000,000,945 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\conduit.xml [2012.09.01 22:59:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-1.xml [2010.12.10 15:16:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-10.xml [2010.12.15 15:58:27 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-11.xml [2011.03.03 06:42:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-12.xml [2011.03.06 09:23:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-13.xml [2011.03.23 20:11:10 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-14.xml [2011.04.30 12:56:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-15.xml [2011.06.25 19:43:23 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-16.xml [2011.08.23 16:12:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-17.xml [2011.09.06 18:43:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-18.xml [2011.09.15 05:14:16 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-19.xml [2009.12.18 18:38:33 | 000,000,950 | -H-- | M] () -- 
C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-2.xml [2011.10.29 11:47:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-20.xml [2011.12.31 01:52:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-21.xml [2011.12.31 10:07:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-22.xml [2012.03.13 17:01:04 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-23.xml [2012.03.25 16:15:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-24.xml [2010.01.12 14:43:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-3.xml [2010.02.19 23:20:00 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-4.xml [2010.04.01 10:20:45 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-5.xml [2010.04.01 12:55:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-6.xml [2010.04.01 21:44:26 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-7.xml [2010.08.07 21:56:53 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-8.xml [2010.10.07 19:52:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-9.xml 
[2009.09.17 13:30:04 | 000,000,944 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin.xml [2010.07.11 15:25:35 | 000,002,135 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml [2009.10.11 18:53:49 | 000,003,915 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml [2012.09.07 18:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.26 21:22:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.07 14:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2009.10.22 16:15:35 | 000,000,000 | ---D | M] (FirefoxHelper) -- C:\Programme\Mozilla Firefox\extensions\firefoxhelper@mozilla.org [2010.12.28 20:10:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2010.12.28 20:10:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.29 10:32:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.27 
16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FILSHtray] "C:\Program Files\FILSHtray\FILSHtray.exe" File not found O4 - HKLM..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized File not found O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848DEB77-6767-4AB8-821C-490AC8438F8F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316BF3-6B18-43A7-A84D-4F0446665C57}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun 
File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3315199a-1fcf-11df-a2dc-001f16a6d496}\Shell\AutoRun\command - "" = E:\EmDesk.exe O33 - MountPoints2\{3315199a-1fcf-11df-a2dc-001f16a6d496}\Shell\EmDesk\command - "" = E:\EmDesk.exe O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 03:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.21 03:23:31 | 000,013,312 | ---- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 19:07:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe [2012.11.16 17:46:16 | 000,000,000 | R--D | C] -- C:\Users\t.dung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.10.24 06:44:37 | 000,046,280 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\PSKMAD.sys [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.16 19:28:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.16 19:25:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.16 19:07:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe [2012.11.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | M] () -- 
C:\Users\t.dung\Desktop\Defogger.exe [2012.11.16 18:58:39 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for t.dung.job [2012.11.16 17:49:51 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.16 17:49:51 | 000,632,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.16 17:49:51 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.16 17:49:51 | 000,118,806 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.16 17:45:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.16 17:43:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 17:43:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 17:43:17 | 000,079,942 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.16 17:43:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.26 18:17:06 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | C] () -- C:\Users\t.dung\Desktop\Defogger.exe [2012.10.08 19:18:12 | 000,011,872 | ---- | C] () -- C:\Users\t.dung\bewerbungt 1.odt [2012.10.08 17:09:30 | 000,010,261 | ---- | C] () -- C:\Users\t.dung\Lebenslauf.odt [2012.09.21 21:16:15 | 000,005,441 | ---- | C] () -- C:\Users\t.dung\safe_image[3].jpg [2012.09.08 14:31:21 | 000,394,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- 
C:\ProgramData\NanoRepository.bin [2012.09.05 19:59:27 | 000,000,176 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTedr [2012.09.05 19:59:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTed [2012.09.05 19:59:24 | 000,000,368 | ---- | C] () -- C:\ProgramData\7ADZ5g9QZthTed [2012.08.31 01:31:58 | 000,719,644 | ---- | C] () -- C:\Users\t.dung\bio.rtf [2012.08.10 21:12:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\00etadpu.pad [2012.08.03 19:21:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2012.07.30 13:44:30 | 000,229,470 | ---- | C] () -- C:\Users\t.dung\beelzebub-3380623.jpg [2012.05.17 22:45:44 | 000,003,089 | ---- | C] () -- C:\Users\t.dung\songs.rtf [2012.05.13 10:42:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012.05.03 16:46:42 | 000,000,167 | ---- | C] () -- C:\Users\t.dung\fr8tz.rtf [2012.01.28 17:39:14 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\AppData\Local\{2741957C-0A26-4715-A593-AEB61F61C992} [2011.12.31 16:37:46 | 000,000,185 | ---- | C] () -- C:\Users\t.dung\grkushf.rtf [2011.11.15 14:28:38 | 000,224,844 | ---- | C] () -- C:\Users\t.dung\Chemie.odt [2011.09.27 04:37:13 | 000,002,728 | ---- | C] () -- C:\Users\t.dung\.recently-used.xbel [2011.09.26 22:31:21 | 000,018,082 | ---- | C] () -- C:\Users\t.dung\kloster_corin2_01.jpg [2011.09.02 22:54:22 | 000,000,277 | ---- | C] () -- C:\Users\t.dung\Gedanken.rtf [2011.08.29 21:32:52 | 000,000,356 | ---- | C] () -- C:\Users\t.dung\dieser SATZ !!!.rtf [2011.08.26 16:07:30 | 000,000,354 | ---- | C] () -- C:\Users\t.dung\ort in berlin.rtf [2011.08.17 21:27:01 | 000,012,614 | ---- | C] () -- C:\Users\t.dung\scheiß elli, hure.rtf [2011.08.11 22:13:17 | 000,012,499 | ---- | C] () -- C:\Users\t.dung\an.rtf [2011.08.07 11:01:06 | 001,245,491 | ---- | C] () -- C:\Users\t.dung\ydfh bdf.JPG [2011.08.04 12:01:04 | 000,000,624 | ---- | C] () -- C:\Users\t.dung\Ich.rtf [2011.07.26 00:12:28 | 000,036,112 | ---- | C] () -- C:\Users\t.dung\ende mit.rtf [2011.06.10 
15:32:01 | 000,001,987 | ---- | C] () -- C:\Users\t.dung\antrag auf rücktritt.rtf [2011.06.09 18:45:04 | 000,002,699 | ---- | C] () -- C:\Users\t.dung\fritzbox einstellungen.rtf [2011.05.05 19:18:01 | 000,066,808 | ---- | C] () -- C:\Users\t.dung\spirited_away_006.jpg [2011.05.05 19:15:49 | 000,230,993 | ---- | C] () -- C:\Users\t.dung\Chihiros Reise ins Zauberland.jpg [2011.04.30 15:20:43 | 000,086,004 | ---- | C] () -- C:\Users\t.dung\parasyte-1169925.jpg [2011.04.10 17:01:28 | 000,073,069 | ---- | C] () -- C:\Users\t.dung\c915a1053aa83de2667dbb6c36c11c79_0.jpg [2011.03.11 21:50:40 | 026,128,352 | ---- | C] () -- C:\Users\t.dung\DSCN1910.AVI [2010.11.06 18:57:19 | 000,367,254 | ---- | C] () -- C:\Users\t.dung\AppData\Local\TempBeispiel 5.bmp [2010.11.06 18:55:33 | 000,095,572 | ---- | C] () -- C:\Users\t.dung\AppData\Local\Tempsexy-manga-1-4.jpg [2010.08.06 21:19:48 | 000,000,150 | ---- | C] () -- C:\Users\t.dung\AppData\Roaming\delme.bat [2010.05.28 11:32:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.17 07:04:00 | 000,001,332 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe1.wpl [2010.02.01 18:04:35 | 000,000,330 | ---- | C] () -- C:\Users\t.dung\gmxnr.rtf [2010.01.27 18:53:01 | 000,118,805 | ---- | C] () -- C:\Users\t.dung\castle-jinmeri sheet.pdf [2010.01.20 07:40:48 | 000,002,741 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe.wpl [2010.01.14 07:42:23 | 000,000,438 | ---- | C] () -- C:\Users\t.dung\quellen nihei.rtf [2010.01.13 07:49:28 | 000,002,030 | ---- | C] () -- C:\Users\t.dung\weerke.rtf [2010.01.13 07:49:17 | 000,000,780 | ---- | C] () -- C:\Users\t.dung\nuhei.rtf [2010.01.12 21:01:26 | 000,002,011 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei werke.rtf [2010.01.10 22:53:28 | 000,002,269 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei.rtf [2010.01.06 07:02:16 | 000,002,665 | ---- | C] () -- C:\Users\t.dung\frauen kafka.rtf [2010.01.03 17:40:02 | 000,000,982 | ---- | C] () -- C:\Users\t.dung\elli infos.rtf 
[2009.12.23 18:09:34 | 000,000,344 | ---- | C] () -- C:\Users\t.dung\flyff dialog XD.rtf [2009.12.14 23:59:18 | 000,008,556 | ---- | C] () -- C:\Users\t.dung\heinrich.rtf [2009.12.13 22:45:10 | 000,000,553 | ---- | C] () -- C:\Users\t.dung\termine.rtf [2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\Folder.jpg [2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Large.jpg [2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArtSmall.jpg [2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Small.jpg [2009.10.28 23:48:34 | 000,247,431 | ---- | C] () -- C:\Users\t.dung\Unbenannt merry.wma [2009.10.26 20:56:36 | 006,262,762 | ---- | C] () -- C:\Users\t.dung\05-polysics-kaja_kaja_goo.mp3 [2009.10.04 08:45:08 | 000,000,552 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d8caps.dat [2009.09.10 14:27:29 | 000,001,356 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d9caps.dat [2009.09.07 13:58:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.08.30 15:34:22 | 1029,197,824 | ---- | C] () -- C:\Users\t.dung\VTS_03_1.VOB [2009.08.30 15:34:21 | 000,001,980 | ---- | C] () -- C:\Users\t.dung\Visubands.rtf [2009.08.30 15:34:19 | 000,000,496 | ---- | C] () -- C:\Users\t.dung\musicliste.rtf [2009.08.24 21:22:46 | 000,130,560 | ---- | C] () -- C:\Users\t.dung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.13 14:29:50 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.13 14:29:44 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.dat [2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.23 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\.minecraft [2010.03.29 17:49:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Any Video Converter [2012.11.16 17:50:09 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\BitTorrent [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\DNA [2012.03.06 18:32:51 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Dohyw [2011.02.07 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Downloaded Installations [2010.10.18 15:55:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.20 21:23:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\FOG Downloader [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\GetRightToGo [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\gtk-2.0 [2010.12.30 21:22:19 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\ICQ [2009.09.17 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\MAGIX [2010.10.30 11:25:34 
| 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\MyVideoDownloader [2009.09.18 05:33:30 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\OpenOffice.org [2010.08.08 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Opera [2009.08.24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Packard Bell [2012.04.20 21:17:52 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Panda Security [2010.07.15 20:09:54 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\PhotoLine [2012.05.09 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TeamViewer [2012.09.07 08:47:25 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TS3Client [2010.09.24 19:16:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TuneUp Software [2010.08.05 10:39:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Uniblue [2009.08.25 18:32:13 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\YoudaGames [2012.03.06 18:32:53 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Zobiw ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\t.dung\VTS_03_1.VOB:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\t.dung\DSCN1910.AVI:TOC.WMV @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0651F96C @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.11.2012 19:31:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t.dung\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,44% Memory free 6,19 Gb Paging File | 4,83 Gb Available in Paging File | 78,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,32 Gb Total Space | 116,89 Gb Free Space | 40,54% Space Free | Partition Type: NTFS Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00301B2F-9A85-478D-ADC9-F2DA9C01ECF1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{04874073-7CAF-4A7A-A16C-39147171F85F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0DCFF7E8-E9BA-43A2-80A1-0E59859EC497}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E0A3944-3718-48D3-9464-215F928E599E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{17E15091-B784-4BD2-9854-DDFCBCA0E93E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1814E8FD-FB24-4C73-86BB-602FBFF28406}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{27DC23C0-108B-4BBC-82BF-2D70DBAB4F59}" = lport=49177 | protocol=6 | dir=in | name=akamai netsession interface |
"{30BE9797-CB63-456E-88FB-EBEBADE08430}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3DD07163-DB56-492D-A736-1E52D6F92ABA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{46682535-74FC-4804-BE6A-CD983FF7F439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{49E5EE38-C0F3-467D-9E64-C2B71522D0A0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{55425BC0-D33F-4E8E-90CE-3E1F7EDDCCD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{631B22F9-11A4-4DF9-9C27-553FFB89C453}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{7687FB33-BAD6-41E0-B0DC-5A47085B2425}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |
"{78F3AA63-C09A-4959-A9FB-EB0DCE0EC843}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{7AA0920A-18A0-4677-9D2D-009A895D81D9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{85936755-AF83-478D-9281-23F52C080D87}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87D24086-5D81-4A1A-B743-826734BA873B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88DFC6DA-DD93-4720-B100-2A45333C5E9E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{AE41CA38-443F-4E6D-B954-41030968C8BA}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{B4D05A89-E3BC-400F-AE0E-E0EDFBCE7411}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BD4F18FE-F333-401D-A6F1-A2FB78D8923C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CD3661AE-E683-4C8F-8C8F-C183B8738250}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D4802EA6-0211-4AE1-A6DF-DF7FD3E9713F}" = lport=49977 | protocol=6 | dir=in | name=akamai netsession interface |
"{DF1BD78F-6CC4-42B0-9389-9E6ACD608132}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9469BA3-09E3-4C6D-8B51-78F6F77874AA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{EB4E5E13-9512-4C81-B4CA-21D07D28063A}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F1B29396-EDC1-4473-896E-39C75AE82DEF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045FB334-7578-4F12-BD4A-07A5652C8B16}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{119B4D9B-A9DE-4981-A1FA-D16A3027494F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{14CF75CF-FBEB-478E-8307-EE4433CBD618}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{16A4861A-AA4A-46F2-912B-126051A09435}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{1EB12BE3-CCD3-4EA1-898B-46F6200DD605}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{26B1F04B-E80B-488B-A9E2-61398C78C253}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{28107E13-35DB-4F6E-B9AA-D1363C12DD47}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{29B635A2-2F2D-4009-8FD9-ED70B0C88519}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{29E70CA9-79A0-48D2-986B-E1D63F0AAB38}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{2FD5E674-892D-445F-8997-A3B41A9E4968}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{314DC154-1DE6-4395-90FF-E8A390189167}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{424BBE6D-78E1-406D-99D6-B6A174459F2E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{42C78116-E29B-4055-A33C-3EAAFEAF84DA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{45AC146B-FEB2-4B9D-9767-B5C505B900D2}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{4B5A7CC6-EC18-4E86-B573-D8B673E6EF34}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4EF96C7C-2CA5-4E12-8C38-36B725335489}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{51E424E8-C9FB-4601-94A9-6E9D84E5A911}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{520EDC86-EE62-455A-85F6-555668667106}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5F9B8D23-9240-4BA0-8633-8366EF8CA825}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5FE542EB-18AC-4979-B41B-2EC8A6F58B1E}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{61EB8BB7-5694-4A66-824C-05CB3D76D6F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64E4C831-CA97-499C-B238-8D108600FE29}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{6ECF214D-E1A6-4ECF-B31B-F269C5E0D298}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{78922F1C-956E-4BE3-933C-8B2ADB62EE7F}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8523839A-8760-4195-8ABD-03135066E812}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{8A7B7522-D73F-47C9-8CEB-7557F23DB616}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9406ECB2-248D-4E00-AFC2-204EE3D1EED8}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{954F1335-4CDE-41E9-8B87-1445D6F36FC0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A79C20D4-4938-4F93-9458-6BC97BA5EBD9}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{B21590E7-96E6-4CDA-B781-D56633BBE616}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B335D1CE-21AB-494B-9EDC-02168AD2D300}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{B575E7F5-9CF8-497F-9020-1B92C375F707}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe |
"{BA3DF97D-D16B-4B46-B96E-D8B4F3E11A43}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BD326DF9-9783-4B6D-B70F-5B75E35C0620}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEF05DE3-A2A3-4330-8C49-A98DBEBB53F3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{C3184A17-53E3-4BC6-963F-798F49F412FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C869956C-320D-4888-9764-410D6E0E7965}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CD25C6C2-BCE5-4106-941D-AB606C3442C6}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{D3603C44-5D7C-4AFC-9533-97CF8B487D78}" = protocol=17 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe |
"{D62854FD-5CAA-4F40-B749-25AB40C11F5B}" = protocol=6 | dir=in | app=c:\users\t.dung\appdata\local\akamai\netsession_win.exe |
"{E5D2D365-B87E-4A4D-A91D-8ADA1F814394}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe |
"{E91BBCD3-663A-4574-8A59-D3358BE1ED58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F9FB3A41-A0E3-4379-9787-AFAB5B9EA221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEEADB9B-2069-46B9-B6E9-079E6F50EB29}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{FF1E95A8-4FA5-41D4-844F-458DC26D14E4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{2931268F-C893-4F11-9CFA-5A038405D425}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C0CF658-7210-4D4B-B87D-2288F6308F65}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3E86B31A-F666-4F9F-984C-7CAEC6853270}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=6 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe |
"TCP Query User{59AEA3ED-76B4-4989-8E2F-440FE18817EC}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{72C83951-B207-4B31-BD80-E30A03A798DD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{752A0F10-225C-445E-8212-1A0735BA19A3}C:\users\t.dung\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe |
"TCP Query User{A8DF7592-D65B-4309-B151-7EC8F7167AFD}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{02EA6A6F-5003-41A4-A2E8-8B7A9D628129}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{26D1DA44-5EDD-4FAA-83AB-FBB1FF93B34E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{83F044C1-3890-40BA-966D-87F132A13F77}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{DAC4F8E4-6AEF-4655-895B-748BB92F9F3E}C:\users\t.dung\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\t.dung\program files\dna\btdna.exe |
"UDP Query User{DC937AAB-6BE5-4892-B9B1-F034CF759AD4}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E3D89688-C1D2-4FF6-BBDB-47AC961815D3}E:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe" = protocol=17 | dir=in | app=e:\metin2 privat server\blacknight-mt2 client 1.2\lib\game\game.exe |
"UDP Query User{FEB7E17D-08B9-4683-9880-CEA1EF70BBCA}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{256FA7E0-D9C2-44FE-AA9E-42AE2CCC2D50}_is1" = Hello Kitty Online
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292E65F1-E9F8-4416-90A6-5916A8C95672}_is1" = Hello Kitty Online Download Manager
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5928359F-BF46-4646-BF19-B64E55171EB5}_is1" = FILSHtray Version 0.8
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69F0CEA4-43E2-4CBB-92DF-41860A40A631}" = Formelrechner
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6254BE3-C3FE-4F2B-AB15-397170553FF2}" = Setup
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5E94E74-0D14-48F5-B1F4-F38BB37BEE9B}" = S4 League_EU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F68A7F48-9F26-4FB1-A7C2-DF3C0F2D849C}" = Crazy Taxi
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 2.7.6
"Audition Online1.2.6064" = Audition Online
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Cute CD DVD Burner V6.0" = Cute CD DVD Burner V6.0
"DivX Setup" = DivX-Setup
"Elsword_DE_is1" = Elsword_DE
"FantasyTennis" = FantasyTennis
"FlorensiaEN" = FlorensiaEN 1.10.26
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Giraffic" = Veoh Giraffic Video Accelerator
"Grand Fantasia" = Grand Fantasia
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mabinogi" = Mabinogi
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"PhotoLine_is1" = PhotoLine 15.5.0.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"RealPlayer 15.0" = RealPlayer
"SetupMyPC" = SetupMyPC
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"Veoh Web Player Beta" = Veoh Web Player
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.11.2012 02:27:46 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 06.11.2012 02:27:46 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09.11.2012 20:35:15 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.11.2012 20:53:47 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.11.2012 12:43:49 | Computer Name = tdung-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.11.2012 12:45:48 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16.11.2012 12:45:48 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16.11.2012 12:45:49 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16.11.2012 12:45:50 | Computer Name = tdung-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Dependent assembly "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16.11.2012 12:54:38 | Computer Name = tdung-PC | Source = Application Error | ID = 1000
Description = Faulting application SetCDF8.tmp, version 9.0.0.333, time stamp 0x3f55989c, faulting module SetCDF8.tmp, version 9.0.0.333, time stamp 0x3f55989c, exception code 0xc0000005, fault offset 0x00007d69, process ID 0xf1c, application start time 01cdc41b1034df52.

[ OSession Events ]
Error - 11.11.2010 02:43:37 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

Error - 13.12.2011 01:08:44 | Computer Name = tdung-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13.10.2009 08:17:12 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the network card with network address 0022FA20BF6E has been denied by the DHCP server 192.168.1.1 (the DHCP server sent a DHCPNACK message).

Error - 13.10.2009 11:41:43 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =

Error - 13.10.2009 11:42:34 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.10.2009 14:25:15 | Computer Name = tdung-PC | Source = iaStor | ID = 262153
Description = The device \Device\Ide\iaStor0 did not respond within the timeout period.

Error - 13.10.2009 15:14:05 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =

Error - 13.10.2009 15:15:00 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.10.2009 01:17:42 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the network card with network address 0022FA20BF6E has been denied by the DHCP server 192.168.1.1 (the DHCP server sent a DHCPNACK message).

Error - 14.10.2009 10:32:17 | Computer Name = tdung-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the network card with network address 0022FA20BF6E has been denied by the DHCP server 192.168.1.1 (the DHCP server sent a DHCPNACK message).

Error - 14.10.2009 11:55:49 | Computer Name = tdung-PC | Source = HTTP | ID = 15016
Description =

Error - 14.10.2009 11:57:27 | Computer Name = tdung-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:10:39, on 16.11.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Users\t.dung\Documents\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k O4 - HKLM\..\Run: [RemoteControl8] "c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [FILSHtray] "C:\Program Files\FILSHtray\FILSHtray.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [LELA] "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized O4 - HKLM\..\Run: [Panda Security 
URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe" O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user') O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - 
C:\Windows\system32\browseui.dll O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. 
- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- End of file - 12964 bytes Geändert von Pheles (16.11.2012 um 22:08 Uhr) |
19.11.2012, 08:16 | #2 |
/// the machine /// TB-Ausbilder | Hi,
Please download aswMBR.exe and save the file to your desktop.
Important: do not press any of the Fix buttons under any circumstances unless instructed to. Note: if the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.
|
20.11.2012, 18:48 | #3 |
| Thanks a lot for the reply and for the help ^^
There is a problem: aswMBR won't start on my machine : ( |
21.11.2012, 07:10 | #4 | |
/// the machine /// TB-Ausbilder | It doesn't start at all? Combofix must only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the restart Quote:
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and assistance | Trojaner-Board Facebook page | No support via PM! |
21.11.2012, 16:28 | #5 |
| Yes, aswMBR.exe didn't open, even after I rebooted the laptop.. Here is the Combofix log: Code:
ATTFilter ComboFix 12-11-21.01 - t.dung 21.11.2012 14:15:35.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1533 [GMT 1:00] ausgeführt von:: c:\users\t.dung\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\00etadpu.pad c:\users\t.dung\AppData\Roaming\delme.bat c:\users\t.dung\AppData\Roaming\Dohyw c:\users\t.dung\AppData\Roaming\Dohyw\uzgiul.fai c:\users\t.dung\AppData\Roaming\Dohyw\uzgiul.tmp c:\users\t.dung\AppData\Roaming\Help\coredb\storage c:\users\t.dung\c915a1053aa83de2667dbb6c36c11c79_0.jpg c:\windows\system32\2095c688.dll c:\windows\system32\2b6eb600.dll c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\logs c:\windows\system32\logs\UIError.txt . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-21 bis 2012-11-21 )))))))))))))))))))))))))))))) . . 2012-11-21 14:07 . 2012-11-21 14:10 -------- d-----w- c:\users\t.dung\AppData\Local\temp 2012-11-21 14:07 . 2012-11-21 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-21 12:53 . 2012-11-21 12:53 -------- d-----w- c:\program files\LogMeIn Hamachi 2012-11-20 17:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B5A2265-E962-4D00-B688-1E6BBFDA93AD}\mpengine.dll 2012-11-16 17:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 17:02 . 
2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-10-24 05:44 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-20 18:37 . 2012-09-05 19:40 6400 ----a-w- c:\programdata\NanoRepository.bin 2012-10-09 18:25 . 2012-04-12 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 18:25 . 2011-06-20 18:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 18:25 . 2012-09-21 15:25 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-09-29 09:32 . 2009-06-13 13:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-09-13 13:28 . 2012-10-10 08:38 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-07 13:24 . 2012-09-07 13:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-07 13:24 . 2010-05-12 16:54 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-29 11:27 . 2012-10-10 08:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:39 172544 ----a-w- c:\windows\system32\wintrust.dll 2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe 2012-09-06 01:26 . 2012-09-07 17:44 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328] "Akamai NetSession Interface"="c:\users\t.dung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824] "BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avgnt"="c:\program 
files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X] "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe "BitTorrent DNA"="c:\users\t.dung\Program Files\DNA\btdna.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:25] . 
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04] . 2012-11-16 c:\windows\Tasks\Norton Security Scan for t.dung.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-09 07:48] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66 uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Free YouTube Download - c:\users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\t.dung\AppData\Roaming\Mozilla\Firefox\Profiles\ls5c6otl.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Panda Safe Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q= FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: 
extensions.Softonic_i.newTab - false FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 26d83d52000000000000001f16a6d496 FF - user.js: extensions.Softonic.instlDay - 15548 FF - user.js: extensions.Softonic.vrsn - 1.5.21.0 FF - user.js: extensions.Softonic.vrsni - 1.5.21.0 FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.09:39 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - orgnl FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - base FF - user.js: extensions.Softonic.instlRef - MON00001 FF - user.js: extensions.Softonic.dfltLng - FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-FILSHtray - c:\program files\FILSHtray\FILSHtray.exe HKLM-Run-LELA - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-21 15:09 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-11-21 15:27:32 ComboFix-quarantined-files.txt 2012-11-21 14:27 . Vor Suchlauf: 23 Verzeichnis(se), 134.553.513.984 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 138.108.825.600 Bytes frei . - - End Of File - - 63F2CD3C1F00B2B88A2FCBBF24F1FB69 |
21.11.2012, 16:44 | #6 | |
/// the machine /// TB-Ausbilder | Quote:
|
21.11.2012, 16:55 | #7 |
| What is a proxy again? I don't know anything about that at the moment ö ö |
21.11.2012, 17:02 | #8 |
/// the machine /// TB-Ausbilder | I thought so. Combofix script
ESET Online Scanner
And a fresh OTL log please. How is the computer running?
Regards, schrauber |
22.11.2012, 22:25 | #9 |
| My computer runs like before, it's still slow :/ The redirect problem still exists.. But OTL only produced one log. : Code:
ATTFilter OTL logfile created on: 22.11.2012 21:59:59 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\t.dung\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 48,98% Memory free 6,19 Gb Paging File | 4,81 Gb Available in Paging File | 77,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288,32 Gb Total Space | 121,12 Gb Free Space | 42,01% Space Free | Partition Type: NTFS Drive E: | 1,89 Gb Total Space | 1,77 Gb Free Space | 93,88% Space Free | Partition Type: FAT32 Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\t.dung\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) PRC - C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) 
PRC - C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) PRC - C:\Programme\Giraffic\Veoh_Giraffic.exe (Giraffic) PRC - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe (Acer Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated) PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) 
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Common Files\NMSAccessU.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll () MOD - C:\Programme\Launch Manager\PowerUtl.dll () ========== Services (SafeList) ========== SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PSUAService) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.) SRV - (NanoServiceMain) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.) SRV - (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe (Acer Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (NMSAccessU) -- C:\Programme\Common Files\NMSAccessU.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (XDva380) -- C:\Windows\system32\XDva380.sys File not found
DRV - (XDva375) -- C:\Windows\system32\XDva375.sys File not found
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (XDva358) -- C:\Windows\system32\XDva358.sys File not found
DRV - (XDva354) -- C:\Windows\system32\XDva354.sys File not found
DRV - (XDva352) -- C:\Windows\system32\XDva352.sys File not found
DRV - (XDva351) -- C:\Windows\system32\XDva351.sys File not found
DRV - (XDva349) -- C:\Windows\system32\XDva349.sys File not found
DRV - (XDva347) -- C:\Windows\system32\XDva347.sys File not found
DRV - (XDva346) -- C:\Windows\system32\XDva346.sys File not found
DRV - (XDva343) -- C:\Windows\system32\XDva343.sys File not found
DRV - (XDva341) -- C:\Windows\system32\XDva341.sys File not found
DRV - (XDva337) -- C:\Windows\system32\XDva337.sys File not found
DRV - (XDva332) -- C:\Windows\system32\XDva332.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\TDADB~1.DUN\AppData\Local\Temp\catchme.sys File not found
DRV - (PSINProt) -- C:\Windows\System32\drivers\PSINProt.sys (Panda Security, S.L.)
DRV - (PSINKNC) -- C:\Windows\System32\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV - (PSINProc) -- C:\Windows\System32\drivers\PSINProc.sys (Panda Security, S.L.)
DRV - (PSINFile) -- C:\Windows\System32\drivers\PSINFile.sys (Panda Security, S.L.)
DRV - (PSINAflt) -- C:\Windows\System32\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV - (NNSSTRM) -- C:\Windows\System32\drivers\NNSStrm.sys (Panda Security, S.L.)
DRV - (NNSTLSC) -- C:\Windows\System32\drivers\NNStlsc.sys (Panda Security, S.L.)
DRV - (NNSPROT) -- C:\Windows\System32\drivers\NNSProt.sys (Panda Security, S.L.)
DRV - (NNSPRV) -- C:\Windows\System32\drivers\NNSPrv.sys (Panda Security, S.L.)
DRV - (NNSSMTP) -- C:\Windows\System32\drivers\NNSSmtp.sys (Panda Security, S.L.)
DRV - (NNSPOP3) -- C:\Windows\System32\drivers\NNSPop3.sys (Panda Security, S.L.)
DRV - (NNSPIHSW) -- C:\Windows\System32\drivers\NNSPihsw.sys (Panda Security, S.L.)
DRV - (NNSIDS) -- C:\Windows\System32\drivers\NNSIds.sys (Panda Security, S.L.)
DRV - (NNSPICC) -- C:\Windows\System32\drivers\NNSpicc.sys (Panda Security, S.L.)
DRV - (NNSNAHSL) -- C:\Windows\System32\drivers\NNSNAHSL.sys (Panda Security, S.L.)
DRV - (NNSHTTP) -- C:\Windows\System32\drivers\NNSHttp.sys (Panda Security, S.L.)
DRV - (NNSALPC) -- C:\Windows\System32\drivers\NNSAlpc.sys (Panda Security, S.L.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (PSKMAD) -- C:\Windows\System32\drivers\PSKMAD.sys (Panda Security)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (androidusb) -- C:\Windows\System32\drivers\lgandadb.sys (Google Inc)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes,DefaultScope = {860F2751-420C-4F95-8B0B-07D986B0125A}
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{539C11B5-7A97-4A07-8468-073E6EAAFFB9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{860F2751-420C-4F95-8B0B-07D986B0125A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE342DE342
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:3.0
FF - prefs.js..extensions.enabledAddons: {45d8ff86-d909-11db-9705-005056c00008}:1.1.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: firefoxhelper@mozilla.org:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\t.dung\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.08 14:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.29 10:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.29 10:33:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\t.dung\Program Files\DNA [2012.09.07 08:47:25 | 000,000,000 | ---D | M]

[2009.08.28 18:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Extensions
[2012.05.07 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions
[2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\illimitux@illimitux.net
[2012.05.07 15:27:09 | 000,060,243 | -H-- | M] () (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2010.06.01 13:04:51 | 000,002,252 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\askcom.xml
[2009.11.24 19:31:04 | 000,002,163 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\bing.xml
[2010.04.21 19:07:06 | 000,000,945 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\conduit.xml
[2012.09.01 22:59:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-1.xml
[2010.12.10 15:16:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-10.xml
[2010.12.15 15:58:27 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-11.xml
[2011.03.03 06:42:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-12.xml
[2011.03.06 09:23:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-13.xml
[2011.03.23 20:11:10 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-14.xml
[2011.04.30 12:56:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-15.xml
[2011.06.25 19:43:23 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-16.xml
[2011.08.23 16:12:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-17.xml
[2011.09.06 18:43:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-18.xml
[2011.09.15 05:14:16 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-19.xml
[2009.12.18 18:38:33 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-2.xml
[2011.10.29 11:47:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-20.xml
[2011.12.31 01:52:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-21.xml
[2011.12.31 10:07:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-22.xml
[2012.03.13 17:01:04 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-23.xml
[2012.03.25 16:15:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-24.xml
[2010.01.12 14:43:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-3.xml
[2010.02.19 23:20:00 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-4.xml
[2010.04.01 10:20:45 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-5.xml
[2010.04.01 12:55:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-6.xml
[2010.04.01 21:44:26 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-7.xml
[2010.08.07 21:56:53 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-8.xml
[2010.10.07 19:52:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-9.xml
[2009.09.17 13:30:04 | 000,000,944 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin.xml
[2010.07.11 15:25:35 | 000,002,135 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml
[2009.10.11 18:53:49 | 000,003,915 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml
[2012.09.07 18:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.10.26 21:22:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.09.07 14:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2009.10.22 16:15:35 | 000,000,000 | ---D | M] (FirefoxHelper) -- C:\Programme\Mozilla Firefox\extensions\firefoxhelper@mozilla.org
[2010.12.28 20:10:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2010.12.28 20:10:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.29 10:32:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.27 16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.11.21 18:33:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000..\Run: [Akamai NetSession Interface] C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-4013871444-3156557118-42536487-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848DEB77-6767-4AB8-821C-490AC8438F8F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316BF3-6B18-43A7-A84D-4F0446665C57}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.22 21:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 20:20:36 | 000,000,000 | R--D | C] -- C:\Users\t.dung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.11.22 06:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.21 20:46:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 18:53:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.21 18:53:08 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Local\temp
[2012.11.21 18:52:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.21 17:15:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.11.21 17:07:17 | 005,004,435 | R--- | C] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe
[2012.11.21 14:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.21 14:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.21 14:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.21 14:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.21 14:00:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.21 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.11.21 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2012.11.20 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\Neuer Ordner (4)
[2012.11.20 19:18:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe
[2012.10.24 06:44:37 | 000,046,280 | ---- | C] (Panda Security) -- C:\Windows\System32\drivers\PSKMAD.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.22 21:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
[2012.11.22 21:28:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.22 21:25:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.22 20:26:19 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.22 20:26:19 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.22 20:26:19 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.22 20:26:19 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.22 20:20:21 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.11.22 20:19:43 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.22 20:19:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 20:19:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.22 20:19:31 | 000,079,942 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.22 20:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.22 06:48:16 | 414,289,096 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.21 20:46:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe
[2012.11.21 20:33:20 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for t.dung.job
[2012.11.21 18:33:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.21 17:07:44 | 005,004,435 |
R--- | M] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe [2012.11.21 13:53:49 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.11.20 19:37:07 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin [2012.11.20 19:18:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe [2012.11.20 18:26:28 | 000,394,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 20:05:41 | 000,302,592 | ---- | M] () -- C:\Users\t.dung\Desktop\wj3feti9.exe [2012.11.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | M] () -- C:\Users\t.dung\Desktop\Defogger.exe [2012.10.26 18:17:06 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.22 06:48:16 | 414,289,096 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.21 14:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.21 14:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.21 14:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.21 14:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.21 14:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.16 20:05:41 | 000,302,592 | ---- | C] () -- C:\Users\t.dung\Desktop\wj3feti9.exe [2012.11.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | C] () -- C:\Users\t.dung\Desktop\Defogger.exe [2012.10.08 19:18:12 | 000,011,872 | ---- | C] () -- C:\Users\t.dung\bewerbungt 1.odt [2012.10.08 17:09:30 | 000,010,261 | ---- | C] () -- C:\Users\t.dung\Lebenslauf.odt [2012.09.21 21:16:15 | 000,005,441 | ---- | C] () -- C:\Users\t.dung\safe_image[3].jpg [2012.09.08 14:31:21 | 000,394,120 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin [2012.09.05 19:59:27 | 000,000,176 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTedr [2012.09.05 19:59:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTed [2012.09.05 19:59:24 | 000,000,368 | ---- | C] () -- C:\ProgramData\7ADZ5g9QZthTed [2012.08.31 01:31:58 | 000,719,644 | ---- | C] () -- C:\Users\t.dung\bio.rtf [2012.08.03 19:21:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2012.07.30 13:44:30 | 000,229,470 | ---- | C] () -- C:\Users\t.dung\beelzebub-3380623.jpg [2012.05.17 22:45:44 | 000,003,089 | ---- | C] () -- C:\Users\t.dung\songs.rtf [2012.05.13 10:42:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012.05.03 16:46:42 | 000,000,167 | ---- | C] () -- C:\Users\t.dung\fr8tz.rtf [2012.01.28 17:39:14 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\AppData\Local\{2741957C-0A26-4715-A593-AEB61F61C992} [2011.12.31 16:37:46 | 000,000,185 | ---- | C] () -- C:\Users\t.dung\grkushf.rtf [2011.11.15 14:28:38 | 000,224,844 | ---- | C] () -- C:\Users\t.dung\Chemie.odt [2011.09.27 04:37:13 | 000,002,728 | ---- | C] () -- C:\Users\t.dung\.recently-used.xbel [2011.09.26 22:31:21 | 000,018,082 | ---- | C] () -- C:\Users\t.dung\kloster_corin2_01.jpg [2011.09.02 22:54:22 | 000,000,277 | ---- | C] () -- C:\Users\t.dung\Gedanken.rtf [2011.08.29 21:32:52 | 000,000,356 | ---- | C] () -- C:\Users\t.dung\dieser SATZ !!!.rtf [2011.08.26 16:07:30 | 000,000,354 | ---- | C] () -- C:\Users\t.dung\ort in berlin.rtf [2011.08.17 21:27:01 | 000,012,614 | ---- | C] () -- C:\Users\t.dung\scheiß elli, hure.rtf [2011.08.11 22:13:17 | 000,012,499 | ---- | C] () -- C:\Users\t.dung\an.rtf [2011.08.07 11:01:06 | 001,245,491 | ---- | C] () -- C:\Users\t.dung\ydfh bdf.JPG [2011.08.04 12:01:04 | 000,000,624 | ---- | C] () -- C:\Users\t.dung\Ich.rtf 
[2011.07.26 00:12:28 | 000,036,112 | ---- | C] () -- C:\Users\t.dung\ende mit.rtf [2011.06.10 15:32:01 | 000,001,987 | ---- | C] () -- C:\Users\t.dung\antrag auf rücktritt.rtf [2011.06.09 18:45:04 | 000,002,699 | ---- | C] () -- C:\Users\t.dung\fritzbox einstellungen.rtf [2011.05.05 19:18:01 | 000,066,808 | ---- | C] () -- C:\Users\t.dung\spirited_away_006.jpg [2011.05.05 19:15:49 | 000,230,993 | ---- | C] () -- C:\Users\t.dung\Chihiros Reise ins Zauberland.jpg [2011.04.30 15:20:43 | 000,086,004 | ---- | C] () -- C:\Users\t.dung\parasyte-1169925.jpg [2011.03.11 21:50:40 | 026,128,352 | ---- | C] () -- C:\Users\t.dung\DSCN1910.AVI [2010.11.06 18:57:19 | 000,367,254 | ---- | C] () -- C:\Users\t.dung\AppData\Local\TempBeispiel 5.bmp [2010.11.06 18:55:33 | 000,095,572 | ---- | C] () -- C:\Users\t.dung\AppData\Local\Tempsexy-manga-1-4.jpg [2010.05.28 11:32:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.17 07:04:00 | 000,001,332 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe1.wpl [2010.02.01 18:04:35 | 000,000,330 | ---- | C] () -- C:\Users\t.dung\gmxnr.rtf [2010.01.27 18:53:01 | 000,118,805 | ---- | C] () -- C:\Users\t.dung\castle-jinmeri sheet.pdf [2010.01.20 07:40:48 | 000,002,741 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe.wpl [2010.01.14 07:42:23 | 000,000,438 | ---- | C] () -- C:\Users\t.dung\quellen nihei.rtf [2010.01.13 07:49:28 | 000,002,030 | ---- | C] () -- C:\Users\t.dung\weerke.rtf [2010.01.13 07:49:17 | 000,000,780 | ---- | C] () -- C:\Users\t.dung\nuhei.rtf [2010.01.12 21:01:26 | 000,002,011 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei werke.rtf [2010.01.10 22:53:28 | 000,002,269 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei.rtf [2010.01.06 07:02:16 | 000,002,665 | ---- | C] () -- C:\Users\t.dung\frauen kafka.rtf [2010.01.03 17:40:02 | 000,000,982 | ---- | C] () -- C:\Users\t.dung\elli infos.rtf [2009.12.23 18:09:34 | 000,000,344 | ---- | C] () -- C:\Users\t.dung\flyff dialog XD.rtf [2009.12.14 23:59:18 | 
000,008,556 | ---- | C] () -- C:\Users\t.dung\heinrich.rtf [2009.12.13 22:45:10 | 000,000,553 | ---- | C] () -- C:\Users\t.dung\termine.rtf [2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\Folder.jpg [2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Large.jpg [2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArtSmall.jpg [2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Small.jpg [2009.10.28 23:48:34 | 000,247,431 | ---- | C] () -- C:\Users\t.dung\Unbenannt merry.wma [2009.10.26 20:56:36 | 006,262,762 | ---- | C] () -- C:\Users\t.dung\05-polysics-kaja_kaja_goo.mp3 [2009.10.04 08:45:08 | 000,000,552 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d8caps.dat [2009.09.10 14:27:29 | 000,001,356 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d9caps.dat [2009.09.07 13:58:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.08.30 15:34:22 | 1029,197,824 | ---- | C] () -- C:\Users\t.dung\VTS_03_1.VOB [2009.08.30 15:34:21 | 000,001,980 | ---- | C] () -- C:\Users\t.dung\Visubands.rtf [2009.08.30 15:34:19 | 000,000,496 | ---- | C] () -- C:\Users\t.dung\musicliste.rtf [2009.08.24 21:22:46 | 000,130,560 | ---- | C] () -- C:\Users\t.dung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.13 14:29:50 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.13 14:29:44 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.dat [2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.06.23 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\.minecraft [2010.03.29 17:49:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Any Video Converter [2012.11.16 17:50:09 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\BitTorrent [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\DNA [2011.02.07 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Downloaded Installations [2010.10.18 15:55:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.20 21:23:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\FOG Downloader [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\GetRightToGo [2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\gtk-2.0 [2010.12.30 21:22:19 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\ICQ [2009.09.17 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\MAGIX [2010.10.30 11:25:34 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\MyVideoDownloader [2009.09.18 05:33:30 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\OpenOffice.org 
[2010.08.08 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Opera [2009.08.24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Packard Bell [2012.04.20 21:17:52 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Panda Security [2010.07.15 20:09:54 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\PhotoLine [2012.05.09 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TeamViewer [2012.09.07 08:47:25 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TS3Client [2010.09.24 19:16:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TuneUp Software [2010.08.05 10:39:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Uniblue [2009.08.25 18:32:13 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\YoudaGames [2012.03.06 18:32:53 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Zobiw ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\t.dung\VTS_03_1.VOB:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\t.dung\DSCN1910.AVI:TOC.WMV @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0651F96C @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B < End of report > Combofixlog : Code:
ATTFilter ComboFix 12-11-21.01 - t.dung 21.11.2012 17:24:53.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1478 [GMT 1:00] ausgeführt von:: c:\users\t.dung\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\t.dung\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\t.dung\Music\von alwi\30 Seconds To Mars - A Beautiful Lie\_desktop.ini c:\users\t.dung\Music\von alwi\Die Ärzte\Die Ärzte - Jazz ist anders\_desktop.ini c:\users\t.dung\Music\von alwi\disturbed\_desktop.ini c:\users\t.dung\Music\von alwi\Fall Out Boy\_desktop.ini c:\users\t.dung\Music\von alwi\Fall Out Boy\Fall Out Boy - Folie à Deux\_desktop.ini c:\users\t.dung\Music\von alwi\Good Charlotte\Good Charlotte - Good Charlotte\_desktop.ini c:\users\t.dung\Music\von alwi\Good Charlotte\Good Charlotte - Good Morning Revival\_desktop.ini c:\users\t.dung\Music\von alwi\Good Charlotte\Good Charlotte - The Young & The Hopeless\_desktop.ini c:\users\t.dung\Music\von alwi\Green Day\Green Day - Dookie\_desktop.ini c:\users\t.dung\Music\von alwi\Green Day\Green Day - Insomniac\_desktop.ini c:\users\t.dung\Music\von alwi\Limp Bizkit - Chocolate Starfish & The Hot Dog Flavored Water\_desktop.ini c:\users\t.dung\Music\von alwi\Papa Roach - Getting Away With Murder\_desktop.ini c:\users\t.dung\Music\von alwi\Papa Roach - Infest\_desktop.ini c:\users\t.dung\Music\von alwi\Pretty Odd\_desktop.ini c:\users\t.dung\Music\von 
alwi\silverstein1\_desktop.ini c:\users\t.dung\Music\von alwi\You Me At Six\_desktop.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-21 bis 2012-11-21 )))))))))))))))))))))))))))))) . . 2012-11-21 17:32 . 2012-11-21 17:34 -------- d-----w- c:\users\t.dung\AppData\Local\temp 2012-11-21 17:32 . 2012-11-21 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-21 12:53 . 2012-11-21 12:53 -------- d-----w- c:\program files\LogMeIn Hamachi 2012-11-20 17:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B5A2265-E962-4D00-B688-1E6BBFDA93AD}\mpengine.dll 2012-11-16 17:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-16 17:02 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-10-24 05:44 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-20 18:37 . 2012-09-05 19:40 6400 ----a-w- c:\programdata\NanoRepository.bin 2012-10-09 18:25 . 2012-04-12 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 18:25 . 2011-06-20 18:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 18:25 . 2012-09-21 15:25 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-09-29 09:32 . 2009-06-13 13:45 499712 ----a-w- c:\windows\system32\msvcp71.dll 2012-09-13 13:28 . 2012-10-10 08:38 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-07 13:24 . 2012-09-07 13:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-07 13:24 . 2010-05-12 16:54 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-29 11:27 . 2012-10-10 08:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-29 11:27 . 2012-10-10 08:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-24 15:53 . 2012-10-10 08:39 172544 ----a-w- c:\windows\system32\wintrust.dll 2007-01-25 01:52 . 
2007-01-25 01:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe 2012-09-06 01:26 . 2012-09-07 17:44 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696] . [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328] "Akamai NetSession Interface"="c:\users\t.dung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824] "BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256] "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X] "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe "BitTorrent DNA"="c:\users\t.dung\Program Files\DNA\btdna.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:25] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04] . 2012-11-21 c:\windows\Tasks\Norton Security Scan for t.dung.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-09 07:48] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66 IE: Free YouTube Download - c:\users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\t.dung\AppData\Roaming\Mozilla\Firefox\Profiles\ls5c6otl.default\ FF - prefs.js: browser.search.selectedEngine - Panda Safe Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q= FF - user.js: yahoo.homepage.dontask - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-11-21 18:34 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
Zeit der Fertigstellung: 2012-11-21 18:52:30 ComboFix-quarantined-files.txt 2012-11-21 17:52 ComboFix2.txt 2012-11-21 14:27 . Vor Suchlauf: 25 Verzeichnis(se), 138.125.357.056 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 134.046.121.984 Bytes frei . - - End Of File - - D59716CAA9C304955A99D94C9F1A3321 ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=bb994188c580ac4a8917ae84b2df7569 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-22 11:54:39 # local_time=2012-11-22 12:54:39 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1538 16774142 20 0 10150882 10150882 0 0 # compatibility_mode=1792 16777215 100 0 18616808 18616808 0 0 # compatibility_mode=5892 16776574 100 100 133940 191097053 0 0 # compatibility_mode=8192 67108863 100 0 4236 4236 0 0 # scanned=396799 # found=19 # cleaned=0 # scan_time=20954 C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Users\t.dung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5d16e641-4b9e775c a variant of Java/Exploit.CVE-2012-0507.B trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\t.dung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\50d1dd7-69012fa6 Java/Exploit.CVE-2012-1723.AU trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\t.dung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f4c1b0-7a3cecaf a variant of Java/Exploit.Agent.NBQ 
trojan (unable to clean) 00000000000000000000000000000000 I G:\System Volume Information\_restore{3F32418A-96C9-4000-B9D3-726449C6BDE6}\RP130\A0031210.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I G:\System Volume Information\_restore{3F32418A-96C9-4000-B9D3-726449C6BDE6}\RP143\A0036847.exe a variant of Win32/Skintrim.BB trojan (unable to clean) 00000000000000000000000000000000 I G:\System Volume Information\_restore{3F32418A-96C9-4000-B9D3-726449C6BDE6}\RP143\A0039898.exe probably a variant of Win32/TrojanDownloader.Agent.GFHYNLH trojan (unable to clean) 00000000000000000000000000000000 I G:\Thuy Dung's Dope?\C\Programme\MSN Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I G:\Thuy Dung's Dope?\C\Programme\MSN Messenger\riched20.dll Win32/FunWeb application (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XZ7DE41W\sliderCA5P1PMR.aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XZ7DE41W\slider[11].aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\XZ7DE41W\sudoku_games[1].htm HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\D5KFW36T\slider[4].aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\D5JKIJUT\setup_lib_srl[1].exe probably a variant of Win32/TrojanDownloader.Agent.GFHYNLH trojan (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet 
Files\Content.IE5\3EI44FRC\sliderCA0U6363.aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3EI44FRC\sliderCA9REO54.aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I G:\.Trashes\501\Hung1\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3EI44FRC\slider[11].aspx HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I ${Memory} a variant of Win32/Olmasco.AD trojan 00000000000000000000000000000000 I |
23.11.2012, 09:25 | #10 |
/// the machine /// TB-Ausbilder | Redirection to wrong pages in Google search results What is your drive G:? In which browsers does the problem occur?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.11.2012, 13:54 | #11 |
| Redirection to wrong pages in Google search results Drive G is my external Toshiba hard drive. I can't access Mozilla Firefox at all, because the "Firefox" profile does not exist. I just tried Safari, and it has the same redirection problem as Internet Explorer. |
23.11.2012, 16:03 | #12 |
/// the machine /// TB-Ausbilder | Redirect to wrong pages in Google search results Please delete ComboFix from the desktop, download it again and run it. Post the log and a fresh OTL log, please.
23.11.2012, 19:26 | #13 |
| Redirect to wrong pages in Google search results Here are the logs. ComboFix: Code:
ComboFix 12-11-23.02 - t.dung 23.11.2012 17:32:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1464 [GMT 1:00]
ausgeführt von:: c:\users\t.dung\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-10-23 bis 2012-11-23 ))))))))))))))))))))))))))))))
.
.
2012-11-23 17:23 . 2012-11-23 17:25 -------- d-----w- c:\users\t.dung\AppData\Local\temp
2012-11-23 17:23 . 2012-11-23 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 16:10 . 2012-11-23 16:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-23 13:16 . 2012-11-20 06:16 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-23 13:16 . 2012-11-20 06:16 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-11-22 05:54 . 2012-11-22 05:54 -------- d-----w- c:\program files\ESET
2012-11-21 12:53 . 2012-11-21 12:53 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-11-20 17:53 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B5A2265-E962-4D00-B688-1E6BBFDA93AD}\mpengine.dll
2012-11-16 17:03 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 17:02 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 16:09 . 2012-09-07 13:24 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-23 16:09 . 2010-05-12 16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-20 18:37 . 2012-09-05 19:40 6400 ----a-w- c:\programdata\NanoRepository.bin
2012-10-09 18:25 . 2012-04-12 09:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:25 . 2011-06-20 18:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 18:25 . 2012-09-21 15:25 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-09-29 09:32 . 2009-06-13 13:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-13 13:28 . 2012-10-10 08:38 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 08:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 08:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-01-25 01:52 . 2007-01-25 01:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
2012-11-20 06:17 . 2012-09-07 17:44 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2009-03-18 1160736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-10-26 2816328]
"Akamai NetSession Interface"="c:\users\t.dung\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2008-11-06 474168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"VideoWebCamera"="c:\program files\VideoWebCamera\VideoWebCamera.exe" [2009-04-02 1552497]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-03-09 250624]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe" [2009-04-15 440864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-29 296096]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando Media Booster"=c:\program files\Pando Networks\Media Booster\PMB.exe
"BitTorrent DNA"="c:\users\t.dung\Program Files\DNA\btdna.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:25]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 20:04]
.
2012-11-21 c:\windows\Tasks\Norton Security Scan for t.dung.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-09 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube Download - c:\users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\t.dung\AppData\Roaming\Mozilla\Firefox\Profiles\ls5c6otl.default\
FF - prefs.js: browser.search.selectedEngine - Panda Safe Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=
FF - ExtSQL: 2012-09-29 11:32; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-08-27 09:20; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-23 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-11-23 18:41:55
ComboFix-quarantined-files.txt 2012-11-23 17:41
ComboFix2.txt 2012-11-21 14:27
.
Vor Suchlauf: 25 Verzeichnis(se), 131.426.381.824 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 130.190.651.392 Bytes frei
.
- - End Of File - - B689FFF5E18DC6BC4B5A9C8FED0CC82E
Code:
OTL logfile created on: 23.11.2012 18:48:11 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\t.dung\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,70% Memory free
6,20 Gb Paging File | 4,58 Gb Available in Paging File | 73,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 121,27 Gb Free Space | 42,06% Space Free | Partition Type: NTFS

Computer Name: TDUNG-PC | User Name: t.dung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.22 21:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe
PRC - [2012.11.19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.09.29 10:32:12 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.13 06:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 06:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012.07.13 05:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012.07.02 16:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Programme\Giraffic\Veoh_Giraffic.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.04.15 15:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.04.15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.04.15 15:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.18 09:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe
PRC - [2009.03.09 23:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.02.19 04:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.06 04:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008.10.17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.02.01 21:28:14 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2003.06.07 22:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll

========== Services (SafeList) ==========

SRV - [2012.11.20 07:16:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.19 21:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.16 18:47:41 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.09 19:25:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.13 06:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012.07.13 05:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012.07.02 16:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.18 19:33:23 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.09.30 15:58:02 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.01.04 20:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.04.15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.25 18:52:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.01.25 02:52:26 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\NMSAccessU.exe -- (NMSAccessU)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva358.sys -- (XDva358)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva354.sys -- (XDva354)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva352.sys -- (XDva352)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva349.sys -- (XDva349)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva347.sys -- (XDva347)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva346.sys -- (XDva346)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva343.sys -- (XDva343)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva341.sys -- (XDva341)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva332.sys -- (XDva332)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\TDADB~1.DUN\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.07.13 06:01:51 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012.07.13 06:01:50 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012.07.13 06:01:50 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012.07.13 06:01:16 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012.07.13 06:01:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012.07.12 10:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012.06.27 14:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012.06.27 14:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012.06.27 14:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012.06.27 14:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012.06.27 14:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012.06.27 14:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012.06.27 14:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012.06.27 14:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012.06.27 14:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012.06.27 14:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012.06.27 14:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012.02.15 21:51:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.10 17:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010.12.07 13:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010.12.07 13:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010.12.07 13:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010.12.07 13:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010.08.02 15:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010.06.23 03:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.03.17 19:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.02.10 14:01:00 | 007,545,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.01.22 23:43:54 | 000,052,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.12.29 18:51:14 | 003,715,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.09.04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0609&m=easynote_tj66
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {860F2751-420C-4F95-8B0B-07D986B0125A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=BT5&o=15443&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{539C11B5-7A97-4A07-8468-073E6EAAFFB9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{860F2751-420C-4F95-8B0B-07D986B0125A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE342DE342
IE - HKCU\..\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{9B6103C1-F818-48a8-9683-314055BE6075}: "URL" = hxxp://mystart.hiyo.com/?search={searchTerms}&loc=ie_search
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2604146
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "HotSpot International Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Panda Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7BB821BF60-5C2D-41EB-92DC-3E4CCD3A22E4%7D:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: firefoxhelper@mozilla.org:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\t.dung\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.08 14:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.29 10:32:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.23 14:16:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.29 10:33:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\t.dung\Program Files\DNA [2012.09.07 08:47:25 | 000,000,000 | ---D | M] [2009.08.28 18:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Extensions [2012.05.07 20:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2012.09.07 08:47:25 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\t.dung\AppData\Roaming\mozilla\Firefox\Profiles\ls5c6otl.default\extensions\illimitux@illimitux.net [2012.05.07 15:27:09 | 000,060,243 | -H-- | M] () (No name found) -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2010.06.01 13:04:51 | 000,002,252 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\askcom.xml [2009.11.24 19:31:04 | 000,002,163 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\bing.xml [2010.04.21 
19:07:06 | 000,000,945 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\conduit.xml [2012.09.01 22:59:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-1.xml [2010.12.10 15:16:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-10.xml [2010.12.15 15:58:27 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-11.xml [2011.03.03 06:42:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-12.xml [2011.03.06 09:23:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-13.xml [2011.03.23 20:11:10 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-14.xml [2011.04.30 12:56:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-15.xml [2011.06.25 19:43:23 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-16.xml [2011.08.23 16:12:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-17.xml [2011.09.06 18:43:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-18.xml [2011.09.15 05:14:16 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-19.xml [2009.12.18 18:38:33 | 000,000,950 | -H-- | M] () -- 
C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-2.xml [2011.10.29 11:47:36 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-20.xml [2011.12.31 01:52:47 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-21.xml [2011.12.31 10:07:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-22.xml [2012.03.13 17:01:04 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-23.xml [2012.03.25 16:15:05 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-24.xml [2010.01.12 14:43:25 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-3.xml [2010.02.19 23:20:00 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-4.xml [2010.04.01 10:20:45 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-5.xml [2010.04.01 12:55:50 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-6.xml [2010.04.01 21:44:26 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-7.xml [2010.08.07 21:56:53 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-8.xml [2010.10.07 19:52:46 | 000,000,950 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin-9.xml 
[2009.09.17 13:30:04 | 000,000,944 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\icqplugin.xml [2010.07.11 15:25:35 | 000,002,135 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\MyStart Search.xml [2009.10.11 18:53:49 | 000,003,915 | -H-- | M] () -- C:\Users\t.dung\AppData\Roaming\mozilla\firefox\profiles\ls5c6otl.default\searchplugins\sweetim.xml [2012.11.23 14:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.26 21:22:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.07 14:24:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2009.10.22 16:15:35 | 000,000,000 | ---D | M] (FirefoxHelper) -- C:\Programme\Mozilla Firefox\extensions\firefoxhelper@mozilla.org [2010.12.28 20:10:39 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak [2010.12.28 20:10:25 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak [2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.29 10:32:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.27 
16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml [2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.23 18:24:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.) 
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\t.dung\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [SmpcSys] C:\Programme\Packard Bell\SetupMyPC\SmpSys.exe (Acer Incorporated) O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 5 O8 - Extra context menu item: Free YouTube Download - C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{848DEB77-6767-4AB8-821C-490AC8438F8F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99316BF3-6B18-43A7-A84D-4F0446665C57}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web 
Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.23 18:42:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.23 18:42:26 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.23 18:42:24 | 000,000,000 | ---D | C] -- C:\Users\t.dung\AppData\Local\temp [2012.11.23 17:25:21 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.23 17:11:39 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe [2012.11.23 16:43:44 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.23 16:09:53 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\javara-2.0 [2012.11.23 13:42:00 | 000,000,000 | 
R--D | C] -- C:\Users\t.dung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.22 21:40:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe [2012.11.22 06:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.11.21 20:46:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe [2012.11.21 14:05:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.21 14:05:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.21 14:05:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.21 14:02:08 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.21 14:00:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.21 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.11.21 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2012.11.20 19:18:29 | 000,000,000 | ---D | C] -- C:\Users\t.dung\Desktop\Neuer Ordner (4) [2012.11.20 19:18:13 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.23 18:28:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.23 18:25:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.23 18:24:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.23 17:40:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 17:40:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 17:28:32 | 000,001,094 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.23 17:12:15 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\t.dung\Desktop\ComboFix.exe [2012.11.23 16:09:19 | 000,135,237 | ---- | M] () -- C:\Users\t.dung\Desktop\javara-2.0.zip [2012.11.23 14:17:02 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.23 13:45:00 | 000,671,674 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.23 13:45:00 | 000,632,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.23 13:45:00 | 000,144,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.23 13:45:00 | 000,118,990 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.23 13:41:38 | 000,079,942 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.23 13:40:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 21:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\t.dung\Desktop\OTL.exe [2012.11.22 06:48:16 | 414,289,096 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.21 20:46:21 | 002,322,184 | ---- | M] (ESET) -- C:\Users\t.dung\Desktop\esetsmartinstaller_enu.exe [2012.11.21 20:33:20 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for t.dung.job [2012.11.21 13:53:49 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2012.11.20 19:37:07 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin [2012.11.20 19:18:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\t.dung\Desktop\aswMBR.exe [2012.11.20 18:26:28 | 000,394,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.16 20:05:41 | 000,302,592 | ---- | M] () -- C:\Users\t.dung\Desktop\wj3feti9.exe [2012.11.16 19:06:23 | 000,000,000 | ---- | M] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | M] () -- C:\Users\t.dung\Desktop\Defogger.exe [2012.10.26 18:17:06 | 000,006,400 | ---- | M] () -- C:\ProgramData\NanoRepository.bin.bak [2 C:\Windows\System32\*.tmp files -> 
C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.23 16:09:12 | 000,135,237 | ---- | C] () -- C:\Users\t.dung\Desktop\javara-2.0.zip [2012.11.23 14:17:02 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 06:48:16 | 414,289,096 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.21 14:05:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.21 14:05:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.21 14:05:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.21 14:05:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.21 14:05:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.16 20:05:41 | 000,302,592 | ---- | C] () -- C:\Users\t.dung\Desktop\wj3feti9.exe [2012.11.16 19:06:23 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\defogger_reenable [2012.11.16 19:05:26 | 000,050,477 | ---- | C] () -- C:\Users\t.dung\Desktop\Defogger.exe [2012.10.08 19:18:12 | 000,011,872 | ---- | C] () -- C:\Users\t.dung\bewerbungt 1.odt [2012.10.08 17:09:30 | 000,010,261 | ---- | C] () -- C:\Users\t.dung\Lebenslauf.odt [2012.09.21 21:16:15 | 000,005,441 | ---- | C] () -- C:\Users\t.dung\safe_image[3].jpg [2012.09.08 14:31:21 | 000,394,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin.bak [2012.09.05 20:40:24 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin [2012.09.05 19:59:27 | 000,000,176 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTedr [2012.09.05 19:59:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\-7ADZ5g9QZthTed [2012.09.05 19:59:24 | 000,000,368 | ---- | C] () -- C:\ProgramData\7ADZ5g9QZthTed [2012.08.31 01:31:58 | 000,719,644 | ---- | C] () -- C:\Users\t.dung\bio.rtf [2012.08.03 19:21:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl [2012.07.30 13:44:30 | 000,229,470 | 
---- | C] () -- C:\Users\t.dung\beelzebub-3380623.jpg
[2012.05.17 22:45:44 | 000,003,089 | ---- | C] () -- C:\Users\t.dung\songs.rtf
[2012.05.13 10:42:31 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.05.03 16:46:42 | 000,000,167 | ---- | C] () -- C:\Users\t.dung\fr8tz.rtf
[2012.01.28 17:39:14 | 000,000,000 | ---- | C] () -- C:\Users\t.dung\AppData\Local\{2741957C-0A26-4715-A593-AEB61F61C992}
[2011.12.31 16:37:46 | 000,000,185 | ---- | C] () -- C:\Users\t.dung\grkushf.rtf
[2011.11.15 14:28:38 | 000,224,844 | ---- | C] () -- C:\Users\t.dung\Chemie.odt
[2011.09.27 04:37:13 | 000,002,728 | ---- | C] () -- C:\Users\t.dung\.recently-used.xbel
[2011.09.26 22:31:21 | 000,018,082 | ---- | C] () -- C:\Users\t.dung\kloster_corin2_01.jpg
[2011.09.02 22:54:22 | 000,000,277 | ---- | C] () -- C:\Users\t.dung\Gedanken.rtf
[2011.08.29 21:32:52 | 000,000,356 | ---- | C] () -- C:\Users\t.dung\dieser SATZ !!!.rtf
[2011.08.26 16:07:30 | 000,000,354 | ---- | C] () -- C:\Users\t.dung\ort in berlin.rtf
[2011.08.17 21:27:01 | 000,012,614 | ---- | C] () -- C:\Users\t.dung\scheiß elli, hure.rtf
[2011.08.11 22:13:17 | 000,012,499 | ---- | C] () -- C:\Users\t.dung\an.rtf
[2011.08.07 11:01:06 | 001,245,491 | ---- | C] () -- C:\Users\t.dung\ydfh bdf.JPG
[2011.08.04 12:01:04 | 000,000,624 | ---- | C] () -- C:\Users\t.dung\Ich.rtf
[2011.07.26 00:12:28 | 000,036,112 | ---- | C] () -- C:\Users\t.dung\ende mit.rtf
[2011.06.10 15:32:01 | 000,001,987 | ---- | C] () -- C:\Users\t.dung\antrag auf rücktritt.rtf
[2011.06.09 18:45:04 | 000,002,699 | ---- | C] () -- C:\Users\t.dung\fritzbox einstellungen.rtf
[2011.05.05 19:18:01 | 000,066,808 | ---- | C] () -- C:\Users\t.dung\spirited_away_006.jpg
[2011.05.05 19:15:49 | 000,230,993 | ---- | C] () -- C:\Users\t.dung\Chihiros Reise ins Zauberland.jpg
[2011.04.30 15:20:43 | 000,086,004 | ---- | C] () -- C:\Users\t.dung\parasyte-1169925.jpg
[2011.03.11 21:50:40 | 026,128,352 | ---- | C] () -- C:\Users\t.dung\DSCN1910.AVI
[2010.11.06 18:57:19 | 000,367,254 | ---- | C] () -- C:\Users\t.dung\AppData\Local\TempBeispiel 5.bmp
[2010.11.06 18:55:33 | 000,095,572 | ---- | C] () -- C:\Users\t.dung\AppData\Local\Tempsexy-manga-1-4.jpg
[2010.05.28 11:32:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.17 07:04:00 | 000,001,332 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe1.wpl
[2010.02.01 18:04:35 | 000,000,330 | ---- | C] () -- C:\Users\t.dung\gmxnr.rtf
[2010.01.27 18:53:01 | 000,118,805 | ---- | C] () -- C:\Users\t.dung\castle-jinmeri sheet.pdf
[2010.01.20 07:40:48 | 000,002,741 | ---- | C] () -- C:\Users\t.dung\Aktuelle Wiedergabe.wpl
[2010.01.14 07:42:23 | 000,000,438 | ---- | C] () -- C:\Users\t.dung\quellen nihei.rtf
[2010.01.13 07:49:28 | 000,002,030 | ---- | C] () -- C:\Users\t.dung\weerke.rtf
[2010.01.13 07:49:17 | 000,000,780 | ---- | C] () -- C:\Users\t.dung\nuhei.rtf
[2010.01.12 21:01:26 | 000,002,011 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei werke.rtf
[2010.01.10 22:53:28 | 000,002,269 | ---- | C] () -- C:\Users\t.dung\tsutomu nihei.rtf
[2010.01.06 07:02:16 | 000,002,665 | ---- | C] () -- C:\Users\t.dung\frauen kafka.rtf
[2010.01.03 17:40:02 | 000,000,982 | ---- | C] () -- C:\Users\t.dung\elli infos.rtf
[2009.12.23 18:09:34 | 000,000,344 | ---- | C] () -- C:\Users\t.dung\flyff dialog XD.rtf
[2009.12.14 23:59:18 | 000,008,556 | ---- | C] () -- C:\Users\t.dung\heinrich.rtf
[2009.12.13 22:45:10 | 000,000,553 | ---- | C] () -- C:\Users\t.dung\termine.rtf
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\Folder.jpg
[2009.11.15 20:02:14 | 000,007,123 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Large.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArtSmall.jpg
[2009.11.15 20:02:14 | 000,001,982 | -HS- | C] () -- C:\Users\t.dung\AlbumArt_{0FA16295-43E1-48B8-B2D1-EA960B18B30C}_Small.jpg
[2009.10.28 23:48:34 | 000,247,431 | ---- | C] () -- C:\Users\t.dung\Unbenannt merry.wma
[2009.10.26 20:56:36 | 006,262,762 | ---- | C] () -- C:\Users\t.dung\05-polysics-kaja_kaja_goo.mp3
[2009.10.04 08:45:08 | 000,000,552 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d8caps.dat
[2009.09.10 14:27:29 | 000,001,356 | ---- | C] () -- C:\Users\t.dung\AppData\Local\d3d9caps.dat
[2009.09.07 13:58:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.30 15:34:22 | 1029,197,824 | ---- | C] () -- C:\Users\t.dung\VTS_03_1.VOB
[2009.08.30 15:34:21 | 000,001,980 | ---- | C] () -- C:\Users\t.dung\Visubands.rtf
[2009.08.30 15:34:19 | 000,000,496 | ---- | C] () -- C:\Users\t.dung\musicliste.rtf
[2009.08.24 21:22:46 | 000,130,560 | ---- | C] () -- C:\Users\t.dung\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.13 14:29:50 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.13 14:29:44 | 000,079,942 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.01.25 02:52:26 | 000,065,536 | ---- | C] () -- C:\Program Files\Common Files\NMSAccessU.exe

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.06.23 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\.minecraft
[2010.03.29 17:49:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Any Video Converter
[2012.11.16 17:50:09 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\BitTorrent
[2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\DNA
[2011.02.07 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Downloaded Installations
[2010.10.18 15:55:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.20 21:23:06 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\FOG Downloader
[2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\GetRightToGo
[2012.09.07 08:47:24 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\gtk-2.0
[2010.12.30 21:22:19 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\ICQ
[2009.09.17 14:03:28 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\MAGIX
[2010.10.30 11:25:34 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\MyVideoDownloader
[2009.09.18 05:33:30 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\OpenOffice.org
[2010.08.08 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Opera
[2009.08.24 18:54:26 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Packard Bell
[2012.04.20 21:17:52 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\Panda Security
[2010.07.15 20:09:54 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\PhotoLine
[2012.05.09 11:56:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TeamViewer
[2012.09.07 08:47:25 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TS3Client
[2010.09.24 19:16:07 | 000,000,000 | ---D | M] -- C:\Users\t.dung\AppData\Roaming\TuneUp Software
[2010.08.05 10:39:37 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Uniblue
[2009.08.25 18:32:13 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\YoudaGames
[2012.03.06 18:32:53 | 000,000,000 | -H-D | M] -- C:\Users\t.dung\AppData\Roaming\Zobiw

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\VTS_03_1.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\t.dung\DSCN1910.AVI:TOC.WMV
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0651F96C
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:F63A059B

< End of report >
24.11.2012, 10:27 | #14
/// the machine /// TB-Ausbilder | Redirection to wrong pages in Google search results: Are the redirects still there?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM!
24.11.2012, 11:31 | #15
| Redirection to wrong pages in Google search results: Yes, they are still there :/