Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU trojaner in win7 eingefangen (https://www.trojaner-board.de/127912-gvu-trojaner-win7-eingefangen.html)

andybar 07.12.2012 00:51
GVU trojaner in win7 eingefangen
 
hallo zusammen,

hab zuerst den norton power eraser laufen lassen, der hat mir ne verdaechtige exe datei gefunden mit unsinnigem namen... diese wurde geloescht, leider taucht der gvu bildschirm weiter auf. hab nun malwarebytes laufen lassen, der so einige infizierte dateien gefunden hat. leider ist dies ein aelterer pc daher hat er kaum noch virenschutz. nun ja, die logdatei hab ich abgespeichert, die infizierten datei aber nicht geloescht. hab aber auch keine ahnung wie ich die in quarantaene bekomme.

otl hab ich noch nicht laufen lassen, weiss aber dass das wohl der naechste schritt waere. (oder der erste haette sein sollen)

hatte den bundespolizei trojaner schon mal vor knapp 3 monaten und hab da einfach nur nach dieser exe datei gesucht,diese geloescht und weg war das problem... wohl auch nur oberflaechlich.

wie genau poste ich die logdateien hier korrekt?

was genau muss ich jetzt weiter machen? im abgesicherten modus laeuft alles wunderbar...

lieben gruss

andybar

t'john 07.12.2012 07:31
:hallo:

Bitte das Malwarebytes Logfile posten!
(Reiter Logdateien)



danach:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

andybar 07.12.2012 11:50
Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.06.12

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.17037
admin :: ADMIN-PC [Administrator]

Schutz: Deaktiviert

2012-12-06 23:21:17
malware logdatei.txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385600
Laufzeit: 1 Stunde(n), 13 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe (PUP.Fbsearch) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U88JZWBM\myfile[1].dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Local\Temp\ea21kzzj.dat (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Local\Temp\wpbt0.dll (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Local\Temp\Low\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\SearchGuardPlus.exe (PUP.Fbsearch) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Local\Temp\Low\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\update.exe (PUP.Fbsearch) -> Keine Aktion durchgeführt.
C:\Users\admin\Downloads\installer_limewire_music_2_5_0_0_Deutsch_Deutsch.exe (PUP.SmsPay.PGen) -> Keine Aktion durchgeführt.
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Keine Aktion durchgeführt.
Code:
OTL logfile created on: 2012-12-07 11:46:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\admin\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1014,81 Mb Total Physical Memory | 445,45 Mb Available Physical Memory | 43,90% Memory free
2,22 Gb Paging File | 1,78 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,01 Gb Total Space | 3,08 Gb Free Space | 4,66% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,61% Space Free | Partition Type: NTFS
Drive F: | 6,96 Gb Total Space | 0,77 Gb Free Space | 11,01% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: ++++++ | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (TelekomNM3) -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (TODO: <Company name>)
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = hxxp://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={81F9440B-69F8-488a-B325-FC49A53489B5}
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-05 21:51:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-05 21:50:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-05 21:51:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-12-05 21:50:54 | 000,000,000 | ---D | M]
 
[2009-11-03 20:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2012-10-23 08:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\wcudwnos.default\extensions
[2010-10-17 12:35:45 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\wcudwnos.default\extensions\vshare@toolbar
[2012-10-18 08:52:28 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\wcudwnos.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012-12-05 21:50:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-12-05 21:51:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-11 03:58:06 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml
[2012-10-11 03:58:06 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml
[2012-10-11 03:58:06 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml
[2012-10-11 03:58:06 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml
[2012-10-11 03:58:06 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml
[2012-10-11 03:58:06 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found
O3 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006..\Run: [BearShareInstall] C:\Users\admin\AppData\Local\Temp\BearShareInstaller\nskBB3E.tmp.exe (Musiclab, LLC)
O4 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006..\Run: [Tjtutn] C:\Users\admin\AppData\Roaming\Tjtutn.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{675BB8A1-1B9D-4A78-B9EF-19556770C641}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE40E8C9-09D2-48B5-99E9-AC5BBC1ABFB8}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004-04-30 15:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{39a1c865-a292-11dc-a0f7-001b38396008}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\copy.exe
O33 - MountPoints2\{886177ef-8ca7-11dc-aa25-001b38396008}\Shell\AutoRun\command - "" = G:\m9ma.exe
O33 - MountPoints2\{886177ef-8ca7-11dc-aa25-001b38396008}\Shell\explore\Command - "" = G:\m9ma.exe
O33 - MountPoints2\{886177ef-8ca7-11dc-aa25-001b38396008}\Shell\open\Command - "" = G:\m9ma.exe
O33 - MountPoints2\{9ad908ca-94f0-11dc-b703-001b38396008}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{fa7df30b-226a-11de-95b2-b27f74913682}\Shell\AutoRun\command - "" = G:\em8tqm.cmd
O33 - MountPoints2\{fa7df30b-226a-11de-95b2-b27f74913682}\Shell\open\Command - "" = G:\em8tqm.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012-12-06 23:20:16 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012-12-06 23:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-12-06 23:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-12-06 23:20:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-12-06 23:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-12-06 22:57:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\NPE
[2012-12-06 22:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012-12-05 21:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-12-04 16:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rossmann Fotowelt Software
[2012-12-04 16:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\Rossmann Fotowelt Software
[2012-12-04 15:23:43 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\h
[2012-12-04 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\b
[2012-12-04 15:07:39 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Bajki
[2008-01-11 19:43:30 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\admin\mqdmmdm.sys
[2008-01-11 19:43:30 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\admin\mqdmserd.sys
[2008-01-11 19:43:30 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\admin\mqdmbus.sys
[2008-01-11 19:43:30 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\admin\mqdmmdfl.sys
[2008-01-11 19:43:30 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\admin\mqdmcmnt.sys
[2008-01-11 19:43:30 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\admin\mqdmwhnt.sys
[2008-01-11 19:43:30 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\admin\mqdmcr.sys
[2008-01-11 19:43:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\usbsermptxp.sys
[2008-01-11 19:43:29 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\admin\usbsermpt.sys
[2 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012-12-07 11:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-12-06 23:20:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-12-06 23:12:17 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012-12-06 23:10:17 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E1C6BB2-0567-4E68-BA0B-EF211A3C6B9C}.job
[2012-12-06 23:09:59 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-06 23:09:58 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-06 23:09:55 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-06 22:19:49 | 000,000,906 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012-12-06 22:09:01 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-06 22:08:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2261950191-2028412838-3850619813-1006UA.job
[2012-12-06 19:08:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2261950191-2028412838-3850619813-1006Core.job
[2012-12-05 19:24:33 | 000,082,944 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-12-04 16:33:52 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2012-12-04 13:46:51 | 000,665,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-12-04 13:46:51 | 000,591,502 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-12-04 13:46:51 | 000,125,136 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-12-04 13:46:51 | 000,109,094 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-12-03 14:57:40 | 000,066,188 | ---- | M] () -- C:\Users\admin\Desktop\Bewerbung .pdf
[2012-12-03 14:57:21 | 000,066,188 | ---- | M] () -- C:\Users\admin\Documents\Bewerbung .pdf
[2012-12-03 14:31:14 | 000,098,290 | ---- | M] () -- C:\Users\admin\Desktop\Bewerbung .pdf
[2012-12-03 14:30:53 | 000,098,290 | ---- | M] () -- C:\Users\admin\Documents\Bewerbung .pdf
[2012-11-19 12:48:48 | 000,065,272 | ---- | M] () -- C:\Users\admin\Desktop\Software Bewerbung .pdf
[2012-11-19 12:48:24 | 000,065,272 | ---- | M] () -- C:\Users\admin\Documents\Software Bewerbung .pdf
[2012-11-14 15:07:00 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012-11-14 15:07:00 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012-11-14 15:07:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012-11-12 13:00:09 | 000,064,723 | ---- | M] () -- C:\Users\admin\Documents\Bewerbung .pdf
[2 C:\Users\admin\Desktop\*.tmp files -> C:\Users\admin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012-12-06 23:20:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-12-06 22:19:48 | 000,000,906 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012-12-06 22:19:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012-12-04 16:32:15 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Rossmann Fotowelt Software.lnk
[2012-12-03 14:57:40 | 000,066,188 | ---- | C] () -- C:\Users\admin\Desktop\a.pdf
[2012-12-03 14:56:39 | 000,066,188 | ---- | C] () -- C:\Users\admin\Documents\a.pdf
[2012-12-03 14:31:14 | 000,098,290 | ---- | C] () -- C:\Users\admin\Desktop\a.pdf
[2012-12-03 14:30:50 | 000,098,290 | ---- | C] () -- C:\Users\admin\Documents\a.pdf
[2012-11-19 12:48:48 | 000,065,272 | ---- | C] () -- C:\Users\admin\Desktop\a.pdf
[2012-11-19 12:47:14 | 000,065,272 | ---- | C] () -- C:\Users\admin\Documents\a.pdf
[2012-11-12 13:00:07 | 000,064,723 | ---- | C] () -- C:\Users\admin\Documents\a.pdf
[2012-10-12 11:16:54 | 000,076,349 | ---- | C] () -- C:\ProgramData\lmkvlmtpcngsshd
[2011-01-29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-01-29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-01-29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-01-29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-01-23 22:32:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-06-18 20:09:05 | 000,024,206 | ---- | C] () -- C:\Users\admin\AppData\Roaming\UserTile.png
[2009-08-09 20:23:04 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2008-09-13 13:47:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Rock Kit
[2008-09-13 13:47:59 | 000,000,268 | RH-- | C] () -- C:\Users\admin\AppData\Roaming\Resources
[2008-09-13 13:47:59 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008-09-13 13:47:59 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2008-01-11 19:57:09 | 000,020,848 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (9)
[2008-01-11 19:57:09 | 000,020,708 | ---- | C] () -- C:\Users\admin\1200077829-(null) - Kopia (5)
[2008-01-11 19:57:09 | 000,009,913 | ---- | C] () -- C:\Users\admin\1200077829-(null) - Kopia (4)
[2008-01-11 19:57:09 | 000,009,232 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (8)
[2008-01-11 19:57:09 | 000,008,888 | ---- | C] () -- C:\Users\admin\1200077829-(null) - Kopia
[2008-01-11 19:57:09 | 000,008,400 | ---- | C] () -- C:\Users\admin\1200077829-(null) - Kopia (3)
[2008-01-11 19:57:09 | 000,006,989 | ---- | C] () -- C:\Users\admin\1200077829-(null)
[2008-01-11 19:57:09 | 000,004,477 | ---- | C] () -- C:\Users\admin\1200077829-(null) - Kopia (2)
[2008-01-11 19:57:08 | 000,018,512 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia
[2008-01-11 19:57:08 | 000,016,572 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (5)
[2008-01-11 19:57:08 | 000,016,532 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (3)
[2008-01-11 19:57:08 | 000,015,884 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (7)
[2008-01-11 19:57:08 | 000,007,201 | ---- | C] () -- C:\Users\admin\1200077828-(null)
[2008-01-11 19:57:08 | 000,006,209 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (4)
[2008-01-11 19:57:08 | 000,005,880 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (2)
[2008-01-11 19:57:08 | 000,005,813 | ---- | C] () -- C:\Users\admin\1200077828-(null) - Kopia (6)
[2008-01-11 19:43:29 | 000,009,913 | ---- | C] () -- C:\Users\admin\MCCI_MDM.INF
[2008-01-11 19:43:29 | 000,009,232 | ---- | C] () -- C:\Users\admin\USB_MOT_BRIT.INF
[2008-01-11 19:43:29 | 000,007,201 | ---- | C] () -- C:\Users\admin\USBMOT2000.INF
[2008-01-11 19:43:29 | 000,006,989 | ---- | C] () -- C:\Users\admin\MCCI_BUS.INF
[2008-01-11 19:43:29 | 000,006,209 | ---- | C] () -- C:\Users\admin\USBMOT2000XP.INF
[2008-01-11 19:43:29 | 000,005,880 | ---- | C] () -- C:\Users\admin\USB_CMCS_2000.INF
[2008-01-11 19:43:29 | 000,005,813 | ---- | C] () -- C:\Users\admin\USB_MOT_A1000.INF
[2008-01-11 19:43:29 | 000,004,477 | ---- | C] () -- C:\Users\admin\MCCI_SDM.INF
[2007-11-03 11:21:21 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007-10-23 15:17:07 | 000,082,944 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006-11-02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008-11-06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006-11-02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
Code:
OTL Extras logfile created on: 2012-12-07 11:46:07 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\admin\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
1014,81 Mb Total Physical Memory | 445,45 Mb Available Physical Memory | 43,90% Memory free
2,22 Gb Paging File | 1,78 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66,01 Gb Total Space | 3,08 Gb Free Space | 4,66% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,61% Space Free | Partition Type: NTFS
Drive F: | 6,96 Gb Total Space | 0,77 Gb Free Space | 11,01% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2261950191-2028412838-3850619813-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22DB97A2-46E9-4B13-AB51-58FF6E6E8BD6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{405E3BFA-7CCE-4781-A8E4-EEE2269C6C08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6716E492-4D6A-431F-93A8-D73E6A1330C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5AB9E22-02C3-4F3D-A1FF-05046E9F9D18}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3DBCAB2D-0379-4ADC-B64B-F67C921C1E93}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{56838288-F5EE-4201-B346-A1489D75F273}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6FB96900-8BEF-4E22-869D-7F932ADFC993}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{6FC9A30F-D3FF-4571-B9D7-37C411284C08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80FFD27F-8DCF-469E-B380-D4B71ED4A362}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{81B4F87A-43B2-4B21-B3C3-76C284D602D0}" = protocol=17 | dir=in | app=c:\program files\limewire music\limewire music.exe |
"{90FF147A-B4D1-4A1A-83A5-72DDA7A9366F}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A4AA9A43-3A16-4BC8-AA59-7AD5EC168541}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{C794B6FF-93FA-4BBD-830E-3C283E7B2E5F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{D2073EAA-7572-4ED8-A110-16D421697085}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{E3CA3343-A89E-4A43-B16E-ADA3D90A242D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EF23800D-9B11-4C9C-A546-67CF10A5853C}" = protocol=6 | dir=in | app=c:\program files\limewire music\limewire music.exe |
"TCP Query User{1A7EBF9B-5868-411D-A117-C98E064A2351}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1AE7188A-2B1C-4B70-867C-8E5E69891EBC}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{1EEA128A-7E81-4659-8C6D-1342E44159CB}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"TCP Query User{2E1C2AAB-F24A-4DBA-9EDF-6583E99D611B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{42344031-2958-48DC-B7F5-CFBF315B01C3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{477A3DAA-1883-4BBD-A8B6-95263D44D215}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{52385D0F-6F56-4148-A2BE-DDBABFB15E8C}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{9479BF83-DA85-46F3-8DDA-F9BD42036DF3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{AA5574F4-181B-4498-876B-0C23BBF8EBE3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B13B62C4-0D6A-40A9-B1B9-8196A63A9CDF}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{BAEC67C4-10C3-4AB0-8169-FFE06AEFAAC1}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{DC112CFE-2853-4B33-BF45-D034EFE1A393}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"TCP Query User{ED04D687-FDF5-429F-9771-ECBFE82985EC}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"TCP Query User{EE289F26-2994-46CB-A843-3BF42C8B6668}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{FF649860-C705-4F6E-AF4F-03B1ADABDE49}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{057391AB-4DF4-4C57-9C9C-5B1D8AFFDB02}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A6B16AD-EAB5-4F64-B42F-25E2B34E218B}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{1BA839C6-C590-4A80-B210-364E9FE5282E}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe |
"UDP Query User{1D44A233-7CFE-495C-9705-15AB12110118}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{217D7008-A468-43F1-9C6D-6CEC73EE78B0}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{2FA55DEF-6C67-4BEF-BCDE-645F848A5E02}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{38289438-3BAF-478D-8357-6D1D20EC265F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{3AFEB910-6CDC-4254-85CC-EC725FAF7C15}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{8A537378-6CD1-4CCA-8A2A-AE208E022A2C}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{97E7A07B-900B-414D-BDB1-887C6AE7BAF4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BB2C7991-290F-4B74-AA7D-28305F65E069}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe |
"UDP Query User{BB45BAF2-AE05-4F8B-B8CA-EFA8FC3E4149}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe |
"UDP Query User{DE4ED08E-BA7C-4EEA-9247-54907730264F}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{F1F4D6AB-E73F-45D8-A759-6AFC32A383C2}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{FA48C667-81BC-4E13-A65D-F9CB81EEA6A0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 F1
"{3577EF87-A4AE-4D4B-86EC-A5DF197D7F2A}" = Vista Default Settings
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AAFBD6A-7F68-4BDC-8280-22DCFACE13EB}" = HP Active Support Library
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = Instalator Menedżera Kopii Zapasowej i Odzyskiwania HP
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ac40384-37ba-421c-b14c-2ecbe4403817}" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B0A523F-5A0D-49DE-BC52-0CA58BFB23EA}" = OpenOffice.org 2.2
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90110415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{90A40415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Składniki łączności pakietu Microsoft Office Small Business
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C8A4A24B-AA2A-4BBD-9F48-62C380E17DE6}" = ESU for Microsoft Vista
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAFDD04D-B1C9-4068-A196-8882ED6FA69F}" = MSCU for Microsoft Vista
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Business Contact Manager" = Business Contact Manager z dodatkiem SP2 dla programu Outlook 2007
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Total Pack" = DivX Total Pack
"DIVXAudio" = DivX ;-) Audio
"doPDF 7 printer_is1" = doPDF 7.3 printer
"Gadu-Gadu" = Gadu-Gadu 7.7
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.43
"LimeWire Music" = LimeWire Music
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 17.0.1 (x86 pl)" = Mozilla Firefox 17.0.1 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyFreeCodec" = MyFreeCodec
"Netzmanager" = Netzmanager
"Nowe Gadu-Gadu" = Nowe Gadu-Gadu
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.12.1
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SubEdit-Player_is1" = SubEdit-Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search (My Tattoons)
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"WinRAR archiver" = WinRAR archiver
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2261950191-2028412838-3850619813-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2009-05-31 09:32:01 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iPlusManager.exe, wersja 0.0.0.0, sygnatura
 czasowa 0x487b69e6, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x00000000,  identyfikator
 procesu 0xd54, godzina rozpoczęcia aplikacji 0x01c9e1dc288ebcef.
 
Error - 2009-05-31 09:34:00 | Computer Name = admin-PC | Source = RasClient | ID = 20227
Description =
 
Error - 2009-06-01 03:26:49 | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iPlusManager.exe, wersja 0.0.0.0, sygnatura
 czasowa 0x487b69e6, moduł powodujący błąd unknown, wersja 0.0.0.0, sygnatura czasowa
 0x00000000, kod wyjątku 0xc0000005, przesunięcie błędu 0x00000000,  identyfikator
 procesu 0xb18, godzina rozpoczęcia aplikacji 0x01c9e225a0209767.
 
Error - 2009-06-01 06:46:39 | Computer Name = admin-PC | Source = RasClient | ID = 20227
Description =
 
Error - 2009-06-01 06:46:59 | Computer Name = admin-PC | Source = RasClient | ID = 20227
Description =
 
[ System Events ]
Error - 2012-12-06 18:04:42 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-06 18:13:26 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 23:12:28 na 2012-12-06 było nieoczekiwane.
 
Error - 2012-12-06 18:13:37 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-06 18:13:46 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-06 18:14:16 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-06 18:15:43 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-07 06:22:16 | Computer Name = admin-PC | Source = EventLog | ID = 6008
Description = Poprzednie zamknięcie systemu przy 02:03:08 na 2012-12-07 było nieoczekiwane.
 
Error - 2012-12-07 06:22:27 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-07 06:22:35 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 2012-12-07 06:22:59 | Computer Name = admin-PC | Source = DCOM | ID = 10005
Description =

t'john 07.12.2012 18:35
Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!
Code:
:OTL
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll File not found
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found
O3 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll File not found

O4 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006..\Run: [BearShareInstall] C:\Users\admin\AppData\Local\Temp\BearShareInstaller\nskBB3E.tmp.exe (Musiclab, LLC)
O4 - HKU\S-1-5-21-2261950191-2028412838-3850619813-1006..\Run: [Tjtutn] C:\Users\admin\AppData\Roaming\Tjtutn.exe File not found

[2012-12-06 22:19:49 | 000,000,906 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2012-12-06 23:12:17 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012-12-06 23:10:17 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5E1C6BB2-0567-4E68-BA0B-EF211A3C6B9C}.job
[2012-12-06 23:09:59 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-12-06 23:09:58 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-12-06 22:08:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2261950191-2028412838-3850619813-1006UA.job
[2012-12-06 19:08:01 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2261950191-2028412838-3850619813-1006Core.job
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\++++++\*.tmp
C:\Users\++++++\AppData\Local\Temp\*.exe
C:\Users\++++++\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

andybar 08.12.2012 16:43
hallo,

hab mit otl den fix nach anleitung durchgeführt. der pc startete im normalen modus neu. da kam dann nach kurzer zeit die meldung das windows jetzt nicht mehr korrekt funktionieren würde. habe daraufhin neugestartet im abgesicherten modus und habe da den anti-rootkit runtergeladen, mit diesem den scan durchgeführt und dann den clean gemacht, alles nach der anleitung. dann wurde ich um pc neustart gebeten. wieder startete der pc im normalen modus. diesmal öffnete sich ein fenster in dem gewarnt wurde dass möglicherweise jemand versucht den pc zu hacken. habe wieder neugestartet im abgesicherten modus. und tja... da kam die info, dass windows nicht funtioniert und somit der abgesicherte modus auch nicht starten kann.

sprich: nach abfertigung von punkt 1 und 2 habe ich nun gar keinen zugriff mehr auf meinen pc!

wie konnte sowas denn bitte passieren? und was soll ich jetzt weiter machen, wo windows komplett nicht mehr funkioniert?

gruss

t'john 09.12.2012 11:53
Es seht oben:

Zitat:
Sollte der OTL-FIX nicht richtig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.
Benutze die Systemwiederherstelung um auf einen frueheren Zeitpunkt zurueckzusetzen.

andybar 09.12.2012 12:11
ok, also der otl fix ist ja eigentlich korrekt durchgelaufen, bis zum neustart hin war ja alles ok.

wie macht man denn diese systemwiederherstellung? ist das auch moeglich wenn ich gar keinen zugang zum pc habe?

mfg andybar

t'john 10.12.2012 13:49
  1. Entfernen Sie alle Disketten, CDs und DVDs aus dem Computer, und starten Sie dann den Computer neu.
    Klicken Sie auf die Schaltfläche Starthttp://res2.windows.microsoft.com/re...2a2fd33_47.png, klicken Sie auf den Pfeil neben der Schaltfläche Sperrenhttp://res2.windows.microsoft.com/re...83b705c_15.png, und klicken Sie dann auf Neu starten.
  2. Führen Sie eines der folgenden Verfahren aus:
    • Wenn auf dem Computer nur ein einziges Betriebssystem installiert ist, halten Sie beim Neustart des Computers F8 gedrückt. Sie müssen F8 drücken, bevor das Windows-Logo angezeigt wird. Wiederholen Sie den Vorgang, wenn das Windows-Logo angezeigt wird. Warten Sie, bis die Windows-Anmeldeaufforderung angezeigt wird, fahren Sie den Computer herunter, und starten Sie ihn dann neu.
    • Sind auf dem Computer mehrere Betriebssysteme installiert, markieren Sie das gewünschte Betriebssystem mit den Pfeiltasten, und drücken Sie dann F8.
  3. Markieren Sie auf dem Bildschirm Erweiterte Startoptionen mit den Pfeiltasten die Option Letzte als funktionierend bekannte Konfiguration, und drücken Sie dann die EINGABETASTE.
  4. Sind auf dem Computer mehrere Betriebssysteme installiert, markieren Sie mit den Pfeiltasten das Betriebssystem, das mit der letzten als funktionierend bekannten Konfiguration gestartet werden soll, und drücken Sie dann die EINGABETASTE. Windows startet dann wieder normal.

t'john 12.02.2013 08:10
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131