|
ukash: dateien verschlüsselt, sicherung startet nicht, win7 Hallo Trojaner-Board, ich bitte um Hilfe. Habe leider am 22.06. den ukash erwischt und zunächst mit Kasperski-Rettungs-CD auch recht schnell wegbekommen. Ergebnis: (fast) alle Dateien sind nun verschlüsselt (ohne "locked", sondern z.B. sQloteXvOxjrxlovda ist ein Foto). Als sich ukash "breit" machte, bekam ich eine update-/sicherungsmeldung von DELL. Da mir das komisch vorkam, schaltete ich die externe Festplatte aus. Auf dieser sind viele Daten erhalten, leider auch viele weg. Dort liegt eine win7-Sicherung vom 18.06., die sich aber nicht starten lässt. :headbang: Wer kann helfen? Ich bin nur Anwender, versuche aber nach euren Vorgaben die ersten Schritte hier zu posten. Danke!! eKeno 1. Defogger ohne Meldung 2. OTL: habe einen 90 Tage SCAN ausgeführt. Hier die Ergebnisse: 3. Bericht von Malewarebytes OTL logfile created on: 09.09.2012 19:38:53 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Nono\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 26,68% Memory free 3,50 Gb Paging File | 1,72 Gb Available in Paging File | 49,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,90 Gb Total Space | 137,89 Gb Free Space | 47,73% Space Free | Partition Type: NTFS Drive J: | 596,02 Gb Total Space | 26,36 Gb Free Space | 4,42% Space Free | Partition Type: FAT32 Computer Name: DELL_7 | User Name: Nono | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days ========== Processes (SafeList) ========== PRC - [2012.09.09 19:17:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nono\Desktop\OTL.exe PRC - [2012.08.13 18:58:02 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.25 16:29:02 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Nono\AppData\Roaming\BrowserCompanion\tbhcn.exe PRC - [2012.05.11 16:00:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.11 16:00:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2009.08.19 11:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009.08.19 11:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2009.07.07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009.06.24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009.06.18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe PRC - [2008.12.18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe ========== Modules (No Company Name) ========== MOD - [2012.07.02 11:16:06 | 000,695,448 | ---- | M] () -- C:\Users\Nono\AppData\Roaming\BrowserCompanion\tbhcn.exe MOD - [2012.06.16 11:57:37 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f6e40535606ea1d79d2a3a1d7e85a743\System.Web.Services.ni.dll MOD - [2012.06.16 11:57:17 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.14 01:00:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.14 22:54:01 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.14 20:20:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.14 20:20:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.14 20:20:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 20:20:44 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.08.19 11:28:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\NSLDAP32V50.dll MOD - [2009.08.18 16:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.07 10:24:00 | 000,369,904 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll MOD - [2009.07.07 10:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009.07.07 10:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009.07.07 10:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009.07.07 10:24:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll MOD - [2009.07.07 10:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009.07.07 10:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009.07.07 10:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll MOD - [2009.06.18 21:46:24 | 000,494,064 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009.04.16 14:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.06.15 05:12:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.05.11 16:00:18 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.11 16:00:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.12.18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.11 16:00:19 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.11 16:00:19 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.02 16:03:00 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2012.03.02 16:03:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2012.03.02 16:03:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.21 16:52:44 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.07.30 15:09:57 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan) DRV:64bit: - [2009.07.09 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.15 05:48:02 | 006,031,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.27 05:13:24 | 001,206,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} IE:64bit: - HKLM\..\SearchScopes\{9A612931-5DD9-4F10-8346-B4741C52402F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} IE - HKLM\..\SearchScopes\{3A882DD2-3736-433F-A446-427D6E2ABB30}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {4327FABE-3C22-4689-8DBF-D226CF777FE9} IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{CE95B226-0B92-4E61-8157-A79ABA2735CB}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nono\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\vdeck.exe (VIA) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [Upgrade] C:\Users\Nono\AppData\Roaming\WinRAR\{60E3F4CA-C769-4D42-8892-B59D9CA64FF8}\Upgrade.exe File not found O4 - Startup: C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Nono\AppData\Roaming\BrowserCompanion\tbhcn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player (ELECO Software GmbH)) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8679DDE1-6EF8-481F-90E8-9B57022BA398}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\base64 - No CLSID value found O18:64bit: - Protocol\Handler\chrome - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\prox - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 90 Days ========== [2012.09.09 19:16:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Nono\Desktop\OTL.exe [2012.09.08 18:28:53 | 000,000,000 | ---D | C] -- C:\ifx [2012.09.08 18:26:48 | 000,000,000 | ---D | C] -- C:\LGT310 [2012.09.08 18:26:09 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr90.dll [2012.09.08 18:26:09 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp90.dll [2012.09.08 18:26:09 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcm90.dll [2012.09.08 18:26:04 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll [2012.09.08 18:26:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll [2012.09.08 18:26:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll [2012.09.08 18:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool [2012.09.08 18:26:01 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX [2012.09.08 18:21:56 | 000,034,816 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys [2012.09.08 18:21:56 | 000,028,160 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64diag.sys [2012.09.08 18:21:56 | 000,017,920 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys [2012.09.08 18:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2012.08.18 12:56:09 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.08.18 12:56:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.08.18 12:56:01 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.08.18 12:56:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.08.18 12:55:58 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.08.18 12:55:58 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.08.18 12:55:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.08.18 12:55:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.08.18 12:55:50 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.08.18 12:55:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.08.18 12:55:09 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.08.18 12:55:09 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.08.18 12:55:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.08.18 12:55:09 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.08.18 12:55:08 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.08.18 12:55:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.08.18 12:55:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.08.18 12:54:59 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2012.08.18 12:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.07 18:55:48 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.07.31 22:33:49 | 000,000,000 | ---D | C] -- C:\Users\Nono\AppData\Local\Messenger_Plus_Live [2012.07.31 22:33:48 | 000,000,000 | ---D | C] -- C:\Users\Nono\AppData\Roaming\BrowserCompanion [2012.07.31 22:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowserCompanion [2012.07.31 22:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.07.31 22:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Searchqu Toolbar [2012.07.31 22:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter [2012.07.31 22:33:03 | 000,000,000 | ---D | C] -- C:\Users\Nono\AppData\Roaming\FreeVideoConverter [2012.07.31 22:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Video Converter [2012.07.31 22:32:26 | 000,445,136 | ---- | C] (Bandoo Media Inc) -- C:\Users\Nono\Desktop\Setup_FreeVideoConverter3.1.0.0.exe [2012.07.31 22:30:43 | 000,352,992 | ---- | C] (Softonic) -- C:\Users\Nono\Desktop\SoftonicDownloader_fuer_koyote-free-video-converter.exe [2012.07.13 15:26:44 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2012.07.11 13:43:27 | 000,000,000 | ---D | C] -- C:\Users\Nono\AppData\Roaming\Malwarebytes [2012.07.11 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.11 13:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.11 13:43:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.11 13:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.11 13:41:00 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Nono\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.11 13:11:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 13:11:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 13:10:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 13:10:33 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 13:10:32 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.26 00:04:04 | 000,000,000 | ---D | C] -- C:\Users\Nono\Desktop\Hochzeit SAFE [2012.06.25 23:14:18 | 000,448,816 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nono\Desktop\rannohdecryptor.exe [2012.06.24 12:58:12 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.24 12:58:12 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.24 12:58:12 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.24 12:58:01 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.24 12:58:01 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.24 12:58:01 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.24 12:57:37 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.24 12:57:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.13 19:04:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.13 19:04:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.13 19:04:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.13 19:03:48 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.13 19:03:44 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.13 19:03:44 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.13 19:03:29 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.13 19:03:11 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.13 19:03:09 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2010.07.30 15:09:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Nono\AppData\Roaming\pcouffin.sys [1 C:\Users\Nono\AppData\Roaming\*.tmp files -> C:\Users\Nono\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2012.09.09 19:17:03 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Nono\Desktop\OTL.exe [2012.09.09 19:16:08 | 000,000,000 | ---- | M] () -- C:\Users\Nono\defogger_reenable [2012.09.09 19:02:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.09 18:46:09 | 000,054,966 | ---- | M] () -- C:\Users\Nono\Desktop\RG Plambeck 19102011.pdf [2012.09.09 16:00:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.09.09 14:56:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 14:56:36 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.09 14:49:14 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.09 14:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.09 14:49:00 | 1408,589,824 | -HS- | M] () -- C:\hiberfil.sys [2012.09.08 18:26:29 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.09.08 18:26:09 | 000,000,833 | ---- | M] () -- C:\Users\Nono\Desktop\LGMobile Support Tool.lnk [2012.08.31 20:08:44 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.08.29 23:43:46 | 000,066,878 | ---- | M] () -- C:\Users\Nono\Desktop\PM Entenrennen 16.09. Quickborn.odt [2012.08.27 23:10:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.08.26 19:39:08 | 000,852,642 | ---- | M] () -- C:\Users\Nono\Desktop\Foto260812.JPG [2012.08.19 03:22:05 | 000,358,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.18 12:51:28 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.07.31 22:52:21 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 22:52:10 | 000,001,885 | ---- | M] () -- C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.31 22:33:49 | 000,002,109 | ---- | M] () -- C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk [2012.07.31 22:33:10 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk [2012.07.31 22:33:10 | 000,001,147 | ---- | M] () -- C:\Users\Nono\Desktop\Free Video Converter.lnk [2012.07.31 22:32:27 | 000,445,136 | ---- | M] (Bandoo Media Inc) -- C:\Users\Nono\Desktop\Setup_FreeVideoConverter3.1.0.0.exe [2012.07.31 22:30:50 | 000,352,992 | ---- | M] (Softonic) -- C:\Users\Nono\Desktop\SoftonicDownloader_fuer_koyote-free-video-converter.exe [2012.07.21 13:56:22 | 000,041,991 | ---- | M] () -- C:\Users\Nono\Desktop\menshealthfoto.jpg [2012.07.16 23:09:36 | 000,742,129 | ---- | M] () -- C:\Users\Nono\Desktop\nachmieter.pdf [2012.07.13 16:34:31 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.07.12 18:35:00 | 000,050,477 | ---- | M] () -- C:\Users\Nono\Desktop\Defogger.exe [2012.07.12 11:56:47 | 000,020,596 | ---- | M] () -- C:\Users\Nono\Desktop\Reisevollmacht Claire 07_12 London.odt [2012.07.11 13:41:06 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Nono\Desktop\mbam-setup-1.61.0.1400.exe [2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.27 09:06:35 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.27 09:03:32 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.27 09:03:29 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.06.27 09:02:41 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.27 07:53:05 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.27 07:51:30 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.27 07:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.25 23:56:09 | 000,019,458 | ---- | M] () -- C:\Users\Nono\Desktop\DecryptHelper-0.5.3.jar [2012.06.25 23:14:22 | 000,448,816 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nono\Desktop\rannohdecryptor.exe [2012.06.16 07:16:04 | 000,609,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.06.16 07:15:56 | 000,911,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.16 06:26:37 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.14 01:06:11 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.14 01:06:11 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.14 01:06:11 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.14 01:06:11 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.14 01:06:11 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [1 C:\Users\Nono\AppData\Roaming\*.tmp files -> C:\Users\Nono\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.09 19:16:08 | 000,000,000 | ---- | C] () -- C:\Users\Nono\defogger_reenable [2012.09.09 18:46:09 | 000,054,966 | ---- | C] () -- C:\Users\Nono\Desktop\RG Plambeck 19102011.pdf [2012.09.08 18:26:09 | 000,000,833 | ---- | C] () -- C:\Users\Nono\Desktop\LGMobile Support Tool.lnk [2012.09.08 18:26:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.09.08 18:26:04 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.08.29 23:22:54 | 000,066,878 | ---- | C] () -- C:\Users\Nono\Desktop\PM Entenrennen 16.09. Quickborn.odt [2012.08.26 19:39:07 | 000,852,642 | ---- | C] () -- C:\Users\Nono\Desktop\Foto260812.JPG [2012.08.22 21:12:06 | 000,073,624 | ---- | C] () -- C:\Users\Nono\Desktop\DSC_6114.jpg [2012.07.31 22:52:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 22:52:10 | 000,001,885 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.07.31 22:33:49 | 000,002,109 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk [2012.07.31 22:33:10 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk [2012.07.31 22:33:10 | 000,001,147 | ---- | C] () -- C:\Users\Nono\Desktop\Free Video Converter.lnk [2012.07.21 13:56:43 | 000,041,991 | ---- | C] () -- C:\Users\Nono\Desktop\menshealthfoto.jpg [2012.07.16 23:09:36 | 000,742,129 | ---- | C] () -- C:\Users\Nono\Desktop\nachmieter.pdf [2012.07.12 18:34:58 | 000,050,477 | ---- | C] () -- C:\Users\Nono\Desktop\Defogger.exe [2012.07.12 11:43:18 | 000,020,596 | ---- | C] () -- C:\Users\Nono\Desktop\Reisevollmacht Claire 07_12 London.odt [2012.07.11 13:43:15 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.07.11 13:24:19 | 002,763,579 | ---- | C] () -- C:\Users\Nono\Desktop\Hochzeit_Keno_und_Natascha_29102010_112.jpg [2012.07.11 13:24:00 | 002,763,579 | ---- | C] () -- C:\Users\Nono\Desktop\sQloteXvOxjrxlovda [2012.06.25 23:56:09 | 000,019,458 | ---- | C] () -- C:\Users\Nono\Desktop\DecryptHelper-0.5.3.jar [2012.06.03 23:20:30 | 000,000,038 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\AVSDVDPlayer.m3u [2012.06.03 23:15:36 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.06.03 23:15:35 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.01.10 20:23:53 | 000,002,048 | -HS- | C] () -- C:\Users\Nono\AppData\Local\{3f0fe874-cc29-ad07-a08f-54e5db1d9514}\@ [2011.12.29 23:01:58 | 000,000,760 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\urhtps.dat [2011.12.17 13:30:36 | 000,000,036 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\blckdom.res [2011.01.01 23:19:05 | 000,000,137 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\trueburner.ini [2010.12.19 15:08:15 | 000,121,160 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.12.10 23:00:37 | 000,041,202 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\UserTile.png [2010.07.30 15:09:57 | 000,099,384 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\inst.exe [2010.07.30 15:09:57 | 000,007,859 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\pcouffin.cat [2010.07.30 15:09:57 | 000,001,167 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\pcouffin.inf [2010.05.28 18:15:06 | 000,000,012 | ---- | C] () -- C:\Users\Nono\AppData\Roaming\vqdlkr.dat [2010.02.21 22:27:23 | 000,003,584 | ---- | C] () -- C:\Users\Nono\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 574 bytes -> C:\Users\Nono\Documents\NtrNLLllUduQyyXpxG:OECustomProperty @Alternate Data Stream - 574 bytes -> C:\Users\Nono\Documents\EIN Groß, mit Text.eml:OECustomProperty @Alternate Data Stream - 478 bytes -> C:\Users\Nono\Documents\jfvVVesoEgOxGpXyqQudd:OECustomProperty @Alternate Data Stream - 478 bytes -> C:\Users\Nono\Documents\123.eml:OECustomProperty < End of report > und nun die EXTRAS: OTL Extras logfile created on: 09.09.2012 19:38:54 - Run 1 OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Nono\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,47 Gb Available Physical Memory | 26,68% Memory free 3,50 Gb Paging File | 1,72 Gb Available in Paging File | 49,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 288,90 Gb Total Space | 137,89 Gb Free Space | 47,73% Space Free | Partition Type: NTFS Drive J: | 596,02 Gb Total Space | 26,36 Gb Free Space | 4,42% Space Free | Partition Type: FAT32 Computer Name: DELL_7 | User Name: Nono | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19A64A62-0C66-4349-A353-67B0671F156E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E8269AB-B86C-4467-92F8-5687CD36D110}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{28DCC748-147F-46F8-9DA4-2D1AFA21F728}" = lport=10243 | protocol=6 | dir=in | app=system | "{47DF5E26-B2C0-4326-9AC5-72279B74C00C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D443685-724D-499D-92D9-E3114AF256B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4E2D2314-341E-4D12-8D27-58579CF3FCD0}" = lport=138 | protocol=17 | dir=in | app=system | "{564C1D45-2DDA-4939-A2AE-EAEADE2F7884}" = lport=2869 | protocol=6 | dir=in | app=system | "{57586AF5-422C-42C0-8A8C-44008D642578}" = lport=445 | protocol=6 | dir=in | app=system | "{58C213C1-A325-410A-8755-A41940176F2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5D4086BA-4BB0-4792-BB44-388D81DCBD6B}" = rport=139 | protocol=6 | dir=out | app=system | "{70386BBD-E1F1-49F5-933E-C108AB696678}" = rport=10243 | protocol=6 | dir=out | app=system | "{799F49C1-7624-4054-80AD-50106814CD35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79E52305-F341-4E4B-96A3-2A8A3F167736}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BED6402D-F177-47C2-A4FC-FE0ACCB85E56}" = lport=139 | protocol=6 | dir=in | app=system | "{BF11DE52-ACC6-4E4D-9CA2-029384128477}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C3E8950E-5F1E-4454-9FE6-94BFF65C94E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8AB6235-30EB-4FA7-9343-B58AA7167321}" = rport=445 | protocol=6 | dir=out | app=system | "{D990B069-A26F-4B36-8AAA-3B71B48C98E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E1ADF01A-F5D3-41C2-8FF0-AA494BDC0BD4}" = rport=138 | protocol=17 | dir=out | app=system | "{F036C2E6-DB6E-4F8E-97EA-282FE63305A1}" = lport=137 | protocol=17 | dir=in | app=system | "{F0D5B393-2C67-45C4-8E6A-8C3309725593}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21A5FF41-7C56-49E6-8EAF-2D5937571D56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B6F5026-2BF9-481A-BDF6-514AC0AC0A0C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{3635CF55-30E5-4D4B-8D9C-C5770607CD04}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{491D9125-21A0-41AE-87D8-44D5DBCEDD8E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{536268C7-877C-4698-BF11-352F3029DFB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{59230CB6-1A7E-41FB-A12C-3C5CDEC5BFD1}" = protocol=17 | dir=in | app=c:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe | "{5C52D52D-1D9E-4856-9771-14AA81094612}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{5FCCD3E7-8D1B-46C9-B5C5-46CFAE4FA5F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{611D2346-FF5B-4CF3-BCCB-E8757CC3361C}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{67FAADF4-FF86-4247-B1A5-D019D2BFEDC1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6A8E1439-D27A-406E-947A-174315C45C10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6D78FCB4-3D0C-45E4-A7C9-D93C68B437C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{770FE99E-90F5-402D-97F6-78264B94403A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7D431369-C2E9-48EC-B85E-01E6FB8EED45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7FF585B2-57EF-4F2A-9194-744FBA8A57A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8104030B-3652-44AB-9E0F-A206111AD9F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{84759F7B-618F-4785-B496-02E5D0C091E5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{86A2DE9C-6993-4873-9660-7D419E1741CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{953B67AE-AE72-46CB-B222-74A9235106B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{A21FE641-0DD2-480B-AFFE-A61ECA40E702}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AF1AC2F9-6B35-4FC5-B3C6-C3B322A1AD98}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B52F175E-4D85-4B2E-A912-C8C333434BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{BDCF9B26-0AF5-4F33-ACDD-5267E735D668}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5698A48-36D3-4505-AABF-B114237557AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D209232C-E95C-41B7-9228-83567ED3EB6D}" = protocol=6 | dir=out | app=system | "{DEDF0D9C-339F-43AF-88B7-98D8C15B7601}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E0DCC227-4802-4EAB-8939-8E28FD2032D0}" = protocol=6 | dir=in | app=c:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe | "{EBB33A25-2067-408D-B0B4-7B169B4C1035}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ED03FF72-32A3-478E-BF35-F0D2254BBF7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F58EBA28-AC20-4FFC-BD62-49E059694E1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7E69367-E390-45F0-9934-1A48F5139149}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9CC70C2-E282-44A4-A2B7-DC3592ED7F28}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{FBFF90C0-F11B-4D30-9786-2B7C03CC2C09}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1612603E-358B-42D4-B7C5-1F9F6AAACC94}C:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{169C0A8A-B06C-4ED0-B21E-2664E945AB15}C:\users\nono\appdata\roaming\utuk\xymuo.exe" = protocol=6 | dir=in | app=c:\users\nono\appdata\roaming\utuk\xymuo.exe | "TCP Query User{1DB14A05-6922-4FFE-9415-78F46ED94C5B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "TCP Query User{4AEFA0D1-ED67-43AE-BB14-3EC43A4C9C13}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{598AC971-CA1B-4CFA-8E7D-0A9573FD2DA2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{8A396804-CC70-4AFA-B73A-55E2520D26F7}C:\users\nono\appdata\roaming\utuk\xymuo.exe" = protocol=6 | dir=in | app=c:\users\nono\appdata\roaming\utuk\xymuo.exe | "TCP Query User{D9671DC2-D2A4-4AAE-87D7-14940FF59391}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{0F2C7E30-392D-4B18-8884-DE36114538A8}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{343B1CC4-088B-414D-989D-AE581D273588}C:\users\nono\appdata\roaming\utuk\xymuo.exe" = protocol=17 | dir=in | app=c:\users\nono\appdata\roaming\utuk\xymuo.exe | "UDP Query User{7175E692-AEA8-4752-B17C-02E9BA942843}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{D4F8DF5C-7F4C-43A4-AC0C-1D74231B8581}C:\users\nono\appdata\roaming\utuk\xymuo.exe" = protocol=17 | dir=in | app=c:\users\nono\appdata\roaming\utuk\xymuo.exe | "UDP Query User{DE865481-A43B-4085-8B9D-88FFDF3DD889}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{E019A3E8-D7B1-4D4D-ABCD-D243777E6145}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{EABC9246-943E-45A8-A0BF-A3B3FC624922}C:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\nono\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6E2FA73-B2A7-8223-98EC-685E2E8F6CE0}" = ccc-utility64 "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0A169B94-4AF2-AD4B-1265-E1074A347418}" = Catalyst Control Center Core Implementation "{0F15BB9F-7E5E-A355-FA8E-C2164726E577}" = CCC Help Portuguese "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26 "{277832E3-0A34-C91C-D344-2FED4C847397}" = CCC Help German "{279355E6-EE94-A7A5-F6B5-2903748443AE}" = Catalyst Control Center Graphics Full New "{290AC453-D1F4-F73B-F01C-0018BC10B62B}" = ccc-core-static "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{39A3C9DD-457C-5BF1-4B2D-A76927264B26}" = CCC Help Dutch "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AC4AE26-732F-40DE-CC6C-A4BFC2142BF8}" = CCC Help English "{665B3CA4-DAB1-D27E-6727-0BEF6593E882}" = CCC Help Greek "{674AD787-B463-ED3E-CCA8-4F49A9C1785D}" = Catalyst Control Center Localization All "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{7009600B-85C8-5D83-1101-6446540F1897}" = Catalyst Control Center Graphics Previews Common "{70E0CA5A-C047-4847-8FF0-735D4E77A5FB}" = WISO Haushaltsbuch 2010 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7305AE01-CD11-18B5-DC5F-B1A2960935C3}" = CCC Help Polish "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{83BBF5E6-004F-1DBA-EC29-1033B675831B}" = CCC Help Thai "{8508FB72-89A3-41FD-DE33-9EEBFB298947}" = CCC Help Italian "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{97835E04-BA21-6878-768F-1B84EA2ADAC1}" = CCC Help Norwegian "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A192CA8A-5259-ECD5-1564-AB715B722432}" = CCC Help Japanese "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn "{B31327DF-2B59-F072-8B44-79CDE915D75E}" = CCC Help Danish "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B41423C9-C260-F8C8-39DD-541400ECF367}" = CCC Help French "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C6CBE669-DDCA-DB7F-236D-18B20BEFF1B5}" = CCC Help Chinese Traditional "{CA7D81F8-5661-3D97-F6B0-5E0993511A5D}" = CCC Help Finnish "{D069C7EF-001B-5378-9F71-F005DE42E255}" = Catalyst Control Center Graphics Light "{D2A7D7D8-1E27-8464-6666-44B6FB83B3FC}" = CCC Help Czech "{D86DE1ED-9BF1-6101-6D08-2D762B28D8C8}" = CCC Help Korean "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1A8F958-D748-63DD-F2D2-82BE71B0F905}" = CCC Help Hungarian "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E40A74A2-D821-2442-CCA3-75C54964D525}" = Catalyst Control Center Graphics Full Existing "{E43ACD6B-0E7E-4F4C-0BA8-999FCB5FC5B9}" = CCC Help Chinese Standard "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding "{E9684BDD-32A6-550C-6456-0A4209EB4F3A}" = CCC Help Russian "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F05F2DB5-4300-C318-4560-08CD9E35F512}" = CCC Help Spanish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1D038D6-6229-AA2E-A8D1-43EED2CBF0BD}" = CCC Help Swedish "{F322850C-6CCB-FC54-D36D-0F4E1CC90CBF}" = Skins "{F527F14E-B80A-5BE7-DC85-8BF2D172067F}" = CCC Help Turkish "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF4F3E30-6638-6A16-2A68-139F6C613233}" = Catalyst Control Center Graphics Previews Vista "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFB07785-9FC3-334F-A54F-AC8D5B471EAE}" = Catalyst Control Center InstallProxy "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "AVS DVD Player_is1" = AVS DVD Player version 2.4 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2 "Bildschutz_is1" = Bildschutz Pro "BrowserCompanion" = BrowserCompanion "FileZilla Client" = FileZilla Client 3.5.3 "FLV Player" = FLV Player 2.0 (build 25) "Fotobuch_is1" = Fotobuch "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Video Converter_is1" = Free Video Converter V 3.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Google Chrome" = Google Chrome "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "MailNavigator v.1.11" = MailNavigator v.1.11 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Recovery Toolbox for Outlook_is1" = Recovery Toolbox for Outlook 1.0 "Searchqu Toolbar" = Searchqu Toolbar "Uninstall_is1" = Uninstall 1.0.0.1 "VSO DivxToDVD_is1" = DivxToDVD 0.5.2 "waterMark V2" = waterMark V2 "WinLiveSuite_Wave3" = Windows Live Essentials "WISO Haushaltsbuch 2010" = WISO Haushaltsbuch 2010 "XMedia Recode" = XMedia Recode 2.2.5.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1" = Albelli Fotobücher "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.02.2012 15:07:56 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.02.2012 15:37:49 | Computer Name = DELL_7 | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 18.02.2012 16:05:34 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.02.2012 17:13:39 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 18.02.2012 18:12:39 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 07:12:10 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 07:12:11 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 07:12:11 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 07:18:49 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 08:00:13 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 19.02.2012 09:06:29 | Computer Name = DELL_7 | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 03.09.2010 17:52:13 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 23:52:09 - Fehler beim Herstellen der Internetverbindung. 23:52:09 - Serververbindung konnte nicht hergestellt werden.. Error - 06.09.2010 02:05:40 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 08:05:35 - Fehler beim Herstellen der Internetverbindung. 08:05:35 - Serververbindung konnte nicht hergestellt werden.. Error - 19.09.2010 15:12:20 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 21:12:20 - Fehler beim Herstellen der Internetverbindung. 21:12:20 - Serververbindung konnte nicht hergestellt werden.. Error - 19.09.2010 15:12:29 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 21:12:25 - Fehler beim Herstellen der Internetverbindung. 21:12:25 - Serververbindung konnte nicht hergestellt werden.. Error - 29.09.2010 08:58:20 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 14:58:20 - Fehler beim Herstellen der Internetverbindung. 14:58:20 - Serververbindung konnte nicht hergestellt werden.. Error - 29.09.2010 08:58:30 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 14:58:25 - Fehler beim Herstellen der Internetverbindung. 14:58:25 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2010 04:11:37 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 09:11:36 - Fehler beim Herstellen der Internetverbindung. 09:11:36 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2010 05:12:14 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 10:12:13 - Fehler beim Herstellen der Internetverbindung. 10:12:13 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2010 06:13:06 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 11:13:06 - Fehler beim Herstellen der Internetverbindung. 11:13:06 - Serververbindung konnte nicht hergestellt werden.. Error - 04.12.2010 07:13:38 | Computer Name = DELL_7 | Source = MCUpdate | ID = 0 Description = 12:13:38 - Fehler beim Herstellen der Internetverbindung. 12:13:38 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 31.08.2012 13:12:40 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 31.08.2012 13:28:59 | Computer Name = DELL_7 | Source = DCOM | ID = 10010 Description = Error - 04.09.2012 01:10:28 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error - 05.09.2012 12:48:15 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst COM+-Ereignissystem erreicht. Error - 05.09.2012 12:48:15 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COM+-Ereignissystem" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.09.2012 12:48:15 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Benachrichtigungsdienst für Systemereignisse" ist vom Dienst "COM+-Ereignissystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error - 06.09.2012 13:07:19 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD External Events Utility erreicht. Error - 06.09.2012 13:07:19 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.09.2012 10:30:18 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD External Events Utility erreicht. Error - 08.09.2012 10:30:18 | Computer Name = DELL_7 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AMD External Events Utility" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Nono :: DELL_7 [Administrator] Schutz: Aktiviert 11.07.2012 13:44:07 mbam-log-2012-07-11 (13-44-07).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 217606 Laufzeit: 5 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\Nono\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DAT3BC8.tmp.exe (Trojan.FakeAlert) -> Daten: C:\Users\Nono\AppData\Local\Temp\DAT3BC8.tmp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
:daumenhoc hallo cosinus, danke für deine antwort. sorry, ich war beruflich sehr eingespannt. hier ist schon mal das aktuelle logfile von malewarebytes: mache gleich mal eset. gruß eKeno so richtig? Code: Malwarebytes Anti-Malware 1.65.0.1400 |
Du sollst die Logs wie posten? Eben nicht in den Anhang, sondern direkt in den Beitrag abermit CODE-Tags umschlossen |
Hier das ESET log. Und nur zur info als Anhang der ukash texthinweis auf die 200 € .. Code: C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application |
Der Vollscan mit Malwarebytes ist ja schon eine Woche her. Und selbst da hast du vier Tage alte Signaturen verwendet. Außerdem müssen die Funde von Malwarebytes in die Quarantäne. Bitte den Vollscan mit Malwarebytes mit aktuellen Signaturen wiederholen. |
hier das aktuelle log. Code: Malwarebytes Anti-Malware 1.65.0.1400 |
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
|
Hier das adw-Ergebnis. Nebenbei: wenn die externe Festplatte vor dem Hochfahren eingeschaltet ist, startet win7 nicht, der Bildschirm bleibt schwarz, keine Funktionen auch kein strg-alt-entf. Gruß eKeno Code: # AdwCleaner v2.002 - Datei am 09/19/2012 um 20:52:26 erstellt |
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
|
Code: # AdwCleaner v2.002 - Datei am 09/20/2012 um 23:26:21 erstellt |
Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? |
1.) Ja. Das System ist (auch) schneller geworden. 2.) Nein. Keine leeren Ordner, auch nicht Unterordner Leider sind wir noch nicht fertig, denn ich habe noch tausende Dateien, die sich nicht mehr öffnen lassen, weil sie z.B. "edveGqDrndraVoD" heißen :-( |
Zitat:
Wozu haben wir die Hinweise oben? Da steht doch oben alles! :pfeiff: Eine Entschlüsselung ist unwahrscheinlich bis unmöglich! Zitat:
Wenn Vista oder Win7 im Einsatz sind, den ShadowExplorer testen! Aber keine unnötige Zeit mit Entschlüsselungsversuchen verschwenden Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html |
Zitat:
Wie geht es nun weiter? Gruß eKeno |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 17:14 Uhr. |
Copyright ©2000-2025, Trojaner-Board
