| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: UKASH in Verbindung mit Windows Script HostWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.01.2013, 19:16
| #1 |
| |  UKASH in Verbindung mit Windows Script Host Hi, Habe mich aktuell mit UKASH Trojaner infiziert, wird offenbar im Zusammenhang mit WSH aktiv (Meldung: Scripting Host ... .js Dateiendung unbekannt) Betroffen eingeschränktes Benutzerkonto. OS: Vista Business SP2 Erste Massnahme: WSH in registry deaktiviert HKLM.Software.Microsoft.Windows Script Host.Settings enabled=0 Blockierung danach aufgehoben, kann normal arbeiten. Bin mir über weiteres Vorgehen unschlüssig, der Trojaner ist ja noch da. Rechner über Linux gebootet, die dortigen Virenprogramme finden ihn aber nicht. Könnte den Rechner neu aufsetzen, möchte aber trotzdem vorher rauskriegen was da läuft. Jemand eine Idee? Danke pkampino |
|
30.01.2013, 19:57
| #2 |
| /// Malware-holic   | UKASH in Verbindung mit Windows Script Host hi,
__________________im normalen modus kannst du arbeiten, richtig? Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
30.01.2013, 21:09
| #3 |
| | UKASH in Verbindung mit Windows Script Host Danke, Hier das Ergebnis des otl-scans
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.01.2013 19:49:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\TrojanerBoard Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,24% Memory free 6,73 Gb Paging File | 5,61 Gb Available in Paging File | 83,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,72 Gb Total Space | 33,23 Gb Free Space | 24,31% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 236,35 Gb Free Space | 79,29% Space Free | Partition Type: NTFS Drive E: | 161,37 Gb Total Space | 125,43 Gb Free Space | 77,73% Space Free | Partition Type: NTFS Computer Name: SATURN | User Name: *** | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.28 20:29:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TrojanerBoard\OTL.exe PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2012.07.03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.04 22:09:22 | 000,980,368 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe PRC - [2010.04.13 10:40:20 | 000,110,592 | ---- | M] (Books on Demand) -- C:\Programme\BoD easyPrint\BoDeasyPrint.exe PRC - [2010.04.13 10:40:20 | 000,028,672 | ---- | M] (Books on Demand) -- C:\Programme\BoD easyPrint\BoDeasyPrint_Monitor.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe ========== Modules (No Company Name) ========== MOD - [2013.01.10 10:05:40 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\0f3b0e826eaa519bd7a3cad3de4fe3f4\Microsoft.VisualBasic.ni.dll MOD - [2013.01.10 10:01:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.10 10:01:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013.01.10 10:01:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.10 10:00:50 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll MOD - [2013.01.10 10:00:04 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.10 09:59:55 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2011.12.14 22:51:09 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.04.13 10:40:20 | 000,880,128 | ---- | M] () -- C:\Programme\BoD easyPrint\libeay32.dll MOD - [2010.04.13 10:40:20 | 000,171,520 | ---- | M] () -- C:\Programme\BoD easyPrint\ssleay32.dll MOD - [2010.04.13 10:40:20 | 000,055,808 | ---- | M] () -- C:\Programme\BoD easyPrint\zlib1.dll MOD - [2008.02.02 22:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp MOD - [2007.03.12 22:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll MOD - [2007.01.24 17:06:36 | 000,117,248 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\hpzpi4v3.DLL MOD - [2006.05.14 12:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll MOD - [2006.05.04 06:58:56 | 000,998,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe MOD - [2006.05.04 06:58:38 | 001,239,040 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfdialogs100.bpl MOD - [2006.05.04 06:58:38 | 000,237,056 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\expertpdf4core.bpl MOD - [2006.05.04 06:58:36 | 003,014,656 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfcore100.bpl MOD - [2006.05.04 06:58:36 | 001,026,048 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vsvector100.bpl MOD - [2006.05.04 06:58:36 | 000,230,912 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vspdfeditor100.bpl MOD - [2006.04.15 06:34:26 | 000,568,320 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\TMSlite100.bpl MOD - [2006.03.02 20:39:28 | 001,844,224 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\te100.bpl MOD - [2006.03.02 20:33:18 | 000,444,928 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\VirtualTree100.bpl MOD - [2006.03.02 20:28:36 | 000,139,776 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\uoolep100.bpl MOD - [2006.03.02 20:01:50 | 000,071,168 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\VSDesktop100.bpl MOD - [2006.03.02 19:57:48 | 000,383,488 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\visage100.bpl MOD - [2006.03.02 19:55:22 | 000,089,088 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\vsmisc100.bpl MOD - [2005.12.26 13:20:52 | 002,098,176 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\PKIECtrl100.bpl MOD - [2005.02.17 22:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp MOD - [2003.08.22 07:23:16 | 000,225,792 | ---- | M] () -- C:\Programme\Visagesoft\eXPert PDF\sqlite.dll ========== Services (SafeList) ========== SRV - [2013.01.09 17:20:15 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Unknown] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Unknown] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Unknown] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.05 09:17:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Unknown] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.02.04 13:10:16 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Unknown] -- C:\Programme\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool) SRV - [2010.02.21 00:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2010.01.12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Unknown] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.29 16:18:42 | 000,809,736 | ---- | M] (ABBYY) [Disabled | Unknown] -- C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.11.19 19:22:20 | 000,015,872 | ---- | M] () [On_Demand | Unknown] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Unknown] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Unknown] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Unknown] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Unknown] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.11.19 19:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2008.06.16 09:31:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Unknown] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2008.05.15 10:15:50 | 000,086,097 | ---- | M] (GMER) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\gmer.sys -- (gmer) DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Unknown] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2007.10.11 10:40:00 | 000,022,016 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\MosIrUsb.sys -- (MosIrUsb) DRV - [2007.02.05 16:10:34 | 001,122,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\P17.sys -- (P17) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.10.30 11:29:36 | 000,201,216 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\G200em.sys -- (G200e) DRV - [2006.10.01 13:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\tap0801.sys -- (tap0801) DRV - [2006.09.28 04:47:48 | 000,283,776 | ---- | M] (AfaTech ) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2006.06.21 11:36:18 | 000,013,184 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Programme\Softwin\BitDefender Antirootkit\profos.sys -- (Profos) DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?barid={DB32BC7C-BA43-11E1-B909-B4C6C954C889} IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\T0rrentBitch\tbT0rr.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={DB32BC7C-BA43-11E1-B909-B4C6C954C889} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: SQLiteManager@mrinalkant.blogspot.com:0.7.7 FF - prefs.js..extensions.enabledAddons: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.9.5.1 FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17 FF - prefs.js..extensions.enabledAddons: {9efe12fc-8e7b-41dc-917e-b9341daa31e0}:1.3.4.3 FF - prefs.js..extensions.enabledAddons: inspector@mozilla.org:2.0.13 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.9 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {9efe12fc-8e7b-41dc-917e-b9341daa31e0}:1.3.4.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}:5.0.13 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.12 19:31:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.06 19:35:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.27 12:34:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.01.15 16:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.15 16:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.11.01 17:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions [2010.04.27 11:28:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.16 17:44:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.12.31 12:43:43 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2011.05.14 15:02:10 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012.09.04 15:04:04 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\inspector@mozilla.org [2011.03.28 10:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\zzb20yow.default\extensions\nostmp [2012.11.01 17:45:35 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\zzb20yow.default\extensions\firebug@software.joehewitt.com.xpi [2012.05.23 19:14:51 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\zzb20yow.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2012.06.19 20:08:34 | 000,024,955 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\zzb20yow.default\extensions\{9efe12fc-8e7b-41dc-917e-b9341daa31e0}.xpi [2012.09.22 18:32:50 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\zzb20yow.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012.04.02 10:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.08.20 14:34:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013.01.22 19:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions [2013.01.22 19:14:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\updated\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2013.01.22 19:14:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.01.06 19:35:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.08.31 09:13:18 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.25 14:48:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008.02.04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2012.06.08 17:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 09:13:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.08 17:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.08 17:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.08 17:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.08 17:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Office Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (T0rrentBitch Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\T0rrentBitch\tbT0rr.dll (Conduit Ltd.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (T0rrentBitch Toolbar) - {dfabc5b5-039b-4865-979a-de31cdf3e351} - C:\Programme\T0rrentBitch\tbT0rr.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (T0rrentBitch Toolbar) - {DFABC5B5-039B-4865-979A-DE31CDF3E351} - C:\Programme\T0rrentBitch\tbT0rr.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BoD easyPrint Printing Device] C:\Program Files\BoD easyPrint\BoDeasyPrint_Monitor.exe (Books on Demand) O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} hxxp://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06D50BA1-14EE-4456-898A-F5ABCC489FBA}: DhcpNameServer = 192.109.42.41 192.109.42.42 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06D50BA1-14EE-4456-898A-F5ABCC489FBA}: NameServer = 192.109.42.41,192.109.42.42 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D98FFC0-BBC6-404A-AECC-37769FC647FB}: DhcpNameServer = 10.16.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D5FAC3-48B0-46C0-9615-3E77E4C3DCFC}: NameServer = 192.109.42.41,192.109.42.42 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{8caaf098-8d07-11dc-9350-001a4b4d5551}\Shell\AutoRun\command - "" = WD_Windows_Tools\setup.exe O33 - MountPoints2\{b5b31b21-02be-11e1-b7ed-87c188e0398f}\Shell - "" = AutoRun O33 - MountPoints2\{b5b31b21-02be-11e1-b7ed-87c188e0398f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 19:41:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TrojanerBoard [2013.01.27 12:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.27 12:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.27 12:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.27 12:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.27 12:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.27 12:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013.01.26 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2013.01.06 19:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.01.06 19:35:40 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.01.06 19:35:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.01.06 19:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.01.06 19:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.01.06 19:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2013.01.06 19:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2013.01.02 15:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.30 19:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.30 18:57:59 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.30 18:56:01 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 18:56:01 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.30 16:56:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.30 14:25:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.01.30 10:58:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.30 10:12:11 | 3488,952,320 | -HS- | M] () -- C:\hiberfil.sys [2013.01.27 16:16:52 | 095,023,320 | ---- | M] () -- C:\ProgramData\8246062.pad [2013.01.27 12:43:42 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.01.27 12:33:58 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.01.25 19:35:01 | 000,666,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.25 19:35:01 | 000,627,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.25 19:35:01 | 000,136,334 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.25 19:35:01 | 000,112,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.25 19:15:02 | 000,002,734 | ---- | M] () -- C:\ProgramData\8246062.js [2013.01.22 20:17:01 | 287,554,869 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.22 18:03:50 | 000,002,032 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2013.01.10 09:58:47 | 001,756,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.06 19:35:49 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.06 19:35:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.01.06 19:30:57 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.02 18:21:08 | 1635,976,192 | ---- | M] () -- C:\Users\***\Desktop\Outlook.bak [2013.01.02 15:47:41 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.02 15:47:41 | 000,001,644 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.26 22:05:38 | 3488,952,320 | -HS- | C] () -- C:\hiberfil.sys [2013.01.25 19:15:02 | 000,002,734 | ---- | C] () -- C:\ProgramData\8246062.js [2013.01.25 19:15:00 | 095,023,320 | ---- | C] () -- C:\ProgramData\8246062.pad [2013.01.06 19:35:49 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.02 15:47:41 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2013.01.02 15:47:41 | 000,001,644 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.09.10 20:55:29 | 000,001,048 | ---- | C] () -- C:\Users\***\report1.jrxml [2011.07.08 14:54:18 | 000,015,259 | ---- | C] () -- C:\Windows\System32\compress.exe [2011.05.23 17:58:11 | 000,000,057 | ---- | C] () -- C:\Users\***\zu_bul_classes.bat [2011.04.30 18:23:54 | 000,018,805 | ---- | C] () -- C:\Users\***\sybille.jpg [2011.04.29 13:10:29 | 000,087,140 | ---- | C] () -- C:\Users\***\Mappe1.pdf [2011.04.29 11:53:51 | 000,058,680 | ---- | C] () -- C:\Users\***\Figure01_BW.jpg [2011.02.14 12:22:59 | 000,014,336 | ---- | C] () -- C:\Windows\System32\vsmon1.dll [2011.02.02 17:20:36 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2011.01.02 17:21:47 | 000,000,843 | ---- | C] () -- C:\Users\***\books.xml [2010.06.16 11:45:01 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.04.24 09:15:02 | 000,000,022 | ---- | C] () -- C:\Users\***\zu_mysql_bin.bat [2010.04.24 09:12:38 | 000,000,064 | ---- | C] () -- C:\Users\***\zu_mysql_db_vhskurs.bat [2010.03.12 19:56:20 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2010.02.20 19:47:03 | 000,000,036 | ---- | C] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId [2009.09.22 15:57:19 | 000,000,003 | ---- | C] () -- C:\Users\***\tray.pid [2009.09.21 18:22:56 | 000,000,116 | ---- | C] () -- C:\Users\***\.asadminpass [2009.09.21 18:22:47 | 000,000,794 | ---- | C] () -- C:\Users\***\.asadmintruststore [2009.01.15 18:45:54 | 000,077,824 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.05 16:03:02 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2007.11.22 22:27:51 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2007.08.11 14:40:23 | 023,402,288 | ---- | C] ( ) -- C:\Users\***\AdbeRdr810_en_US.exe [2007.07.19 18:32:20 | 000,001,100 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2007.07.13 16:29:44 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.26 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2008.01.29 11:59:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2009.11.27 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DzSoft [2011.12.16 13:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor [2008.04.04 18:37:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileOpen [2012.12.28 21:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.06.16 11:24:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2008.02.29 09:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IBP18599 [2011.04.29 11:44:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jpeg Resampler [2011.11.02 18:32:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KaDonk [2012.12.06 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL [2013.01.25 12:34:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.06.22 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2011.12.14 22:55:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2008.04.03 14:48:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OSRAM [2011.03.12 08:17:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SMART Technologies [2011.03.12 08:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SMART Technologies Inc [2009.10.20 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stellarium [2010.02.25 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2010.12.28 16:11:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.01.15 16:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.01.15 02:34:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webocton - Scriptly ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.01.2013 19:49:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\TrojanerBoard
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 53,24% Memory free
6,73 Gb Paging File | 5,61 Gb Available in Paging File | 83,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,72 Gb Total Space | 33,23 Gb Free Space | 24,31% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 236,35 Gb Free Space | 79,29% Space Free | Partition Type: NTFS
Drive E: | 161,37 Gb Total Space | 125,43 Gb Free Space | 77,73% Space Free | Partition Type: NTFS
Computer Name: SATURN | User Name: *** | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = UltraEdit.html] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js [@ = UltraEdit.js] -- "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35191EE8-2CA9-4593-BA31-28632246C208}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5EC8D42B-6EAA-4DE0-9C7E-CCBEC376C05C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5EF8205C-00BF-44B1-B7C5-703FD3D79A21}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5F7A4D94-CA06-4685-8EB0-A377E15DFE47}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{65A26AAD-30BB-4BE7-9004-46511141EAA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4BE73F-9C5F-40A0-9A2D-62A121BA8AE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8A8B5DA-4300-4766-887E-15EF57C936BC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CD3F2825-405D-4CF2-8E7A-3D8B69099AA3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F151A762-33B6-4DDF-ACD4-221F136ED842}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086A75D8-A946-4EBC-950F-60CF5DA2F2A2}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0F47D1E3-539F-430B-9D9A-19D5825E5DD2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16D7D3BF-D9CF-4448-A111-B1ECC07AC256}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{1925CFF7-B3A5-4655-B6CF-731AC203FFD1}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{213290BB-AA97-4EFC-A506-F6507EB909A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{37E543A1-C2BB-493A-8B2A-493E878154AC}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"{3B5292B8-66D8-4469-8EED-C8D3A8D3CA7F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3DE045F9-C87E-4697-8741-BEEC88408C7B}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{5255C7BA-B908-47BE-977A-68867FCFA659}" = protocol=17 | dir=in | app=c:\program files\torrentbitch\torrentbitch.exe |
"{5FCFC91F-0BE8-4FC6-8A45-94F3333736A7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{640E3787-3C03-4ACD-AA99-61E945FA1961}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B86E2F7-666E-470E-95DD-519A3653665E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DB74172-CDB2-44ED-8593-B51439D3222F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7D83A412-7EA9-4B7B-9195-DFDFC9C8597B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{A5534E85-9261-48E1-8717-04C77EC9D4F1}" = protocol=6 | dir=in | app=c:\program files\torrentbitch\torrentbitch.exe |
"{A7E8142D-DB9F-460D-83A9-E9802C131ED2}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{B4ACF2D4-9901-429F-85B5-F01FA8F99EAC}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C3436C84-57FC-4D80-B287-43F3CB27369D}" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucgui.exe |
"{CE888278-764C-43F2-BD16-4D0CFD5B88FD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D10F69ED-83A1-47A3-B89A-AEC81715A656}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D268F066-5E6F-48D2-A048-1A58E4D6A887}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"{D99002B4-505C-44A7-A0F1-B811B6751BF5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{EAD3B270-B339-4BAF-AE1F-CB4EBE7240EB}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{EB92C2EE-7B7C-465B-8EE9-E1CF10228734}" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"TCP Query User{0D8C29D5-4086-4BA2-9C18-78E8AC272000}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"TCP Query User{12072F46-4799-4E38-8592-6B25B400A050}C:\users\***\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\package\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\package\jre\bin\javaw.exe |
"TCP Query User{221A1EA6-68B8-4A20-9324-9AB6CD978044}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{2B867D9E-C854-4974-B5EA-F82A76B87417}D:\eclipse_all_in_one\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse_all_in_one\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe |
"TCP Query User{2DB33002-AE49-457B-930B-E9D7F6BFDC49}D:\eclipse_all_in_one\zend-eclipse-php-galileo-sr1-win32-x86\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse_all_in_one\zend-eclipse-php-galileo-sr1-win32-x86\eclipse\eclipse.exe |
"TCP Query User{36DE16DB-6889-4F52-91B0-E91D0F0D3659}D:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"TCP Query User{3EC6D41D-4D43-4566-81A1-A431E648F911}C:\program files\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"TCP Query User{444D5E6B-0093-4CB2-9688-4B0E88F2BDB9}C:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe |
"TCP Query User{46055730-E33D-409E-BB44-9F824CB87D13}D:\inter_in\html_php_editore\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\inter_in\html_php_editore\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe |
"TCP Query User{4F30FDDA-2544-4D4D-B10E-105B79C8739B}D:\eclipse_php_galileo\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse_php_galileo\eclipse\eclipse.exe |
"TCP Query User{6777681A-8E4A-42A9-B4B6-1580BC995A32}D:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{71D7CB2F-AE9E-4209-A3DE-0EB5FDE6D45B}C:\inter_in\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\inter_in\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe |
"TCP Query User{896C860E-D22A-4970-AB16-A824E6559C43}D:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\mercurymail\mercury.exe |
"TCP Query User{9CE1701D-4FE0-46E0-B47F-435034691AC8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9EB4796B-58B2-4261-B97D-3844E529795D}C:\java\jdk1.6.0_24\bin\java.exe" = protocol=6 | dir=in | app=c:\java\jdk1.6.0_24\bin\java.exe |
"TCP Query User{AEB770C8-6FCF-4255-B846-5257DD8F79E8}C:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipsec.exe" = protocol=6 | dir=in | app=c:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipsec.exe |
"TCP Query User{BB7D5F10-0A41-4666-80EA-302808D77FEE}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"TCP Query User{BBBDDE77-982D-4C78-BD53-A7EEE1A9207E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{CC7DD9A9-6614-4C6B-A38C-4231AC8D536C}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe |
"TCP Query User{DE0AF920-44EA-424F-AD87-D410E1A435DF}C:\program files\dzsoft\php editor\dzphped.exe" = protocol=6 | dir=in | app=c:\program files\dzsoft\php editor\dzphped.exe |
"UDP Query User{2C74AF42-5DCD-495D-8103-607948E69C56}D:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\mercurymail\mercury.exe |
"UDP Query User{2ECE8037-E2C9-431B-8EB2-78CE66E2017E}C:\users\***\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\package\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\java_ee_sdk-5_07-jdk-6u16-windows-ml.exe2\package\jre\bin\javaw.exe |
"UDP Query User{305CE335-E010-4D69-9CA4-E16DE843A0E9}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
"UDP Query User{32F92040-29B5-4AE3-A583-CD76B3380559}D:\eclipse_php_galileo\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse_php_galileo\eclipse\eclipse.exe |
"UDP Query User{40940D64-D224-4E2A-AF23-E2F62375C05E}C:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe |
"UDP Query User{494FA570-0837-4ED2-8946-D50943A939EA}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe |
"UDP Query User{4B2F54C4-485C-4ED7-8FA0-2A14F038DF2C}C:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipsec.exe" = protocol=17 | dir=in | app=c:\inter_in\php_editoren\eclipse\eclipse-php-galileo-sr1-win32\eclipse\eclipsec.exe |
"UDP Query User{55CC745E-1A5A-4665-94A2-79B60DA54238}D:\inter_in\html_php_editore\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\inter_in\html_php_editore\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe |
"UDP Query User{5B8B2969-6772-4439-A555-FD8281ED861B}C:\java\jdk1.6.0_24\bin\java.exe" = protocol=17 | dir=in | app=c:\java\jdk1.6.0_24\bin\java.exe |
"UDP Query User{64C1D447-A291-4C85-9EBE-0D9CE1EFADBA}C:\program files\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files\filezilla ftp client\filezilla.exe |
"UDP Query User{6F6A1BBA-4465-4421-9C24-B10133C7D25B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{79C85FBF-CBBB-4DF7-AFEC-CEE299DB0BC4}C:\program files\dzsoft\php editor\dzphped.exe" = protocol=17 | dir=in | app=c:\program files\dzsoft\php editor\dzphped.exe |
"UDP Query User{9D26D4E9-BE7A-473D-A863-F1BF48ABEC9F}D:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{B46FA156-0DB5-4144-92FC-E2522E646E60}C:\inter_in\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\inter_in\php_editoren\eclipse\pdt-2.1.0-win32-x86\eclipse\eclipse.exe |
"UDP Query User{BC32C23C-85E9-4296-8BF4-8B8AF0CFFE92}D:\eclipse_all_in_one\zend-eclipse-php-galileo-sr1-win32-x86\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse_all_in_one\zend-eclipse-php-galileo-sr1-win32-x86\eclipse\eclipse.exe |
"UDP Query User{DB6AE46A-DC38-4F07-B2AB-65C66F40A13C}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E3BD74CF-0FEE-42CF-AFED-39358D6F57E3}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"UDP Query User{E42CE8B1-7165-4FC9-A8F5-531FF9D3F09E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EE02E6DA-0115-4D43-984E-D1E3FE13EE3C}D:\eclipse_all_in_one\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse_all_in_one\eclipse-php-galileo-sr1-win32\eclipse\eclipse.exe |
"UDP Query User{F96A0570-6A80-41B2-B644-F92D563A5439}D:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\httpd.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0034E9B7-20C1-4700-815D-DEC1F1181142}_is1" = TorrentBitch 0.3.6.0 Beta
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08139608-C4CD-40C1-B08C-BC9E77293CAE}" = ConceptDraw Project 4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java(TM) SE Development Kit 6 Update 24
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6E1205BF-25BC-44A5-B10E-34402BFF5D45}" = PHP 5.2.6
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AE8768A-5C84-4EC6-9504-A2D37A8C6E99}" = Nitro PDF Reader
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3DF5B33-FB8B-43FE-A943-A24CF6030F61}" = NETGEAR Print Server Software
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A77664F3-63DC-440B-A3A9-8984F18BB9E3}" = LiveProject
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA30010-8E01-11D8-BBDA-0002B308455F}" = BoD easyPrint DE
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEEFF670-EEE6-44CC-A190-289895518E96}" = BUL-Client
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E21D6DB6-6DAB-3A63-8C09-CB6606D7403B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"avast" = avast! Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DALI EASY WBT" = DALI EASY WBT 1.0
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"Dia" = Dia (nur entfernen)
"DzSoftPhpEditor_is1" = DzSoft PHP Editor 4.2.4
"ECOS" = ECOS
"ExamGear 2000" = ExamGear 2000
"ExpertDebugger_is1" = Expert Debugger 3.2
"filehippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeOCR.net" = FreeOCR.net
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Graph_is1" = Graph 4.3
"HijackThis" = HijackThis 2.0.2
"ImageConverter" = ImageConverter 2.0
"Inkscape" = Inkscape 0.46
"iReport-4.7.0.exe" = iReport 4.7.0
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PRJPROR" = Microsoft Project Professional 2010
"OpenVPN" = OpenVPN 2.1_rc15
"phase5" = phase5
"PRJPRO" = Microsoft Office Project Professional 2007
"PROPLUSR" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Secunia PSI (RC3)" = Secunia PSI (RC3)
"SmartTRAK" = SmartTRAK
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Stellarium_is1" = Stellarium 0.10.2
"T0rrentBitch Toolbar" = T0rrentBitch Toolbar
"TeamViewer 5" = TeamViewer 5
"TUGZip_is1" = TUGZip 3.5
"VLC media player" = VLC media player 2.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinPcapInst" = WinPcap 4.0.2
"Wireshark" = Wireshark 1.0.0
"xampp" = XAMPP 1.7.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"Security Task Manager" = Security Task Manager 1.7i
========== Last 20 Event Log Errors ==========
Error: Unable to start EventLog service!
< End of report >
|
|
31.01.2013, 13:05
| #4 |
| /// Malware-holic | UKASH in Verbindung mit Windows Script Host hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2013.01.25 19:15:02 | 000,002,734 | ---- | C] () -- C:\ProgramData\8246062.js
[2013.01.25 19:15:00 | 095,023,320 | ---- | C] () -- C:\ProgramData\8246062.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.01.2013, 20:56
| #6 |
| /// Malware-holic | UKASH in Verbindung mit Windows Script Host wenn du wieder im normalen Modus mit inet arbeiten kannst, dann passt das. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ --> UKASH in Verbindung mit Windows Script Host |
|
| Themen zu UKASH in Verbindung mit Windows Script Host |
| aktiv, aktuell, aufsetzen, business, dateiendung, eingeschränktes, infiziert, linux, meldung, neu, neu aufsetzen, programme, rechner, registry, script, scripting, troja, trojaner, ukash, unbekannt, verbindung, virenprogramme, vista, vorgehen, weiteres, windows, windows script host, zusammenhang |
Linear-Darstellung
