Ukash-BKA Trojan - Ransomware (Windows 7)
15.02.2012, 18:42 | #1
Ukash-BKA Trojan - Ransomware
Hello. My parents' laptop was infected with this Ukash BKA trojan. It is exactly this one: hxxp://scareware.de/2011/11/bundespolizei-national-cyber-crimes-unit-achtung/ I have already run an Avira scan, but it did not help. I await your orders. Thanks in advance.
15.02.2012, 19:24 | #2
/// Malware-holic | Ukash-BKA Trojan - Ransomware
Hi, check whether you can work via F8 in Safe Mode with Networking, in the infected account.

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
15.02.2012, 20:05 | #3
Ukash-BKA Trojan - Ransomware
Code:
OTL logfile created on: 15.02.2012 19:29:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Berat\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,38% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133,87 Gb Total Space | 45,27 Gb Free Space | 33,81% Space Free | Partition Type: NTFS
Drive D: | 89,25 Gb Total Space | 87,74 Gb Free Space | 98,31% Space Free | Partition Type: NTFS

Computer Name: BERAT-PC | User Name: Berat | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.15 19:28:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Berat\Downloads\OTL.exe
PRC - [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007.06.15 18:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 01:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.23 17:42:43 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.04.15 10:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.05 22:23:48 | 000,222,568 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.06.24 16:14:52 | 001,111,880 | ---- | M] (Wisair Ltd.) [Auto | Stopped] -- C:\Program Files\devolo Vianect AIR Manager\Components\Association\CableAssociation.exe -- (CableAssociation)
SRV - [2010.05.12 15:13:00 | 005,105,000 | ---- | M] (DisplayLink Corp.) [Auto | Stopped] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009.07.21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.21 10:42:08 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2008.11.11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 05:53:00 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.03.26 18:48:48 | 000,021,888 | ---- | M] (libusb-Win32) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DisplayLinkUsbPort_5.3.24903.0.sys -- (DisplayLinkUsbPort)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2011.01.04 16:10:54 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.12.24 08:53:25 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.12.21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.12.21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.05.12 15:13:26 | 000,171,632 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\dlkmd.sys -- (dlkmd)
DRV - [2010.05.12 15:13:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV - [2010.05.10 12:37:52 | 000,142,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_RCI.SYS -- (HWARadio)
DRV - [2010.05.10 12:37:38 | 000,483,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_DWA.SYS -- (DWA)
DRV - [2010.05.10 12:37:14 | 000,794,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_HWA.SYS -- (hwa)
DRV - [2010.05.10 12:02:28 | 000,046,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_USF.sys -- (WSR_USF)
DRV - [2010.04.18 11:56:40 | 000,098,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_CBA.SYS -- (TunnelDrv)
DRV - [2010.02.21 18:46:42 | 000,049,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSR_TBF.sys -- (DLCopyFilter)
DRV - [2009.11.25 11:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.19 06:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.19 06:30:10 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2009.09.19 06:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.19 06:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.22 17:50:44 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2008.08.26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.12.20 15:55:05 | 003,478,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.10.01 07:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.09.26 23:03:42 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby)
DRV - [2007.08.11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.09 04:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.08.03 05:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 19:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 18:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.20 21:51:27 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.20 21:49:06 | 000,049,664 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.04.11 17:18:33 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007.01.24 11:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 08:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 10:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.02.07 12:52:57 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer Inc.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: cnextend@babelphish.net:1.4.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Berat\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Berat\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Berat\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.04 13:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.01 17:31:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 17:31:28 | 000,000,000 | ---D | M]

[2009.11.18 16:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Berat\AppData\Roaming\mozilla\Extensions
[2012.02.15 19:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions
[2012.02.12 18:18:44 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011.09.17 10:39:19 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.02.12 18:18:42 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.29 17:50:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.12 18:18:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.02.12 18:18:48 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.05.25 12:28:40 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.24 11:18:34 | 000,000,000 | ---D | M] ("CNExtend") -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\cnextend@babelphish.net
[2011.03.25 14:59:38 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\engine@conduit.com
[2011.11.06 12:53:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\ffxtlbr@babylon.com
[2011.09.13 12:05:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Berat\AppData\Roaming\mozilla\Firefox\Profiles\g4impjmr.default\extensions\toolbar@ask.com
[2011.08.31 10:25:56 | 000,000,923 | ---- | M] () -- C:\Users\Berat\AppData\Roaming\Mozilla\Firefox\Profiles\g4impjmr.default\searchplugins\conduit.xml
[2011.05.27 12:28:54 | 000,003,915 | ---- | M] () -- C:\Users\Berat\AppData\Roaming\Mozilla\Firefox\Profiles\g4impjmr.default\searchplugins\SweetIM Search.xml
[2011.05.25 12:28:35 | 000,003,915 | ---- | M] () -- C:\Users\Berat\AppData\Roaming\Mozilla\Firefox\Profiles\g4impjmr.default\searchplugins\sweetim.xml
[2012.02.15 19:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.08.21 08:54:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.12 11:11:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 09:58:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.08 13:31:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.10.27 15:34:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.08 22:04:55 | 001,447,344 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.10.22 22:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.06 12:53:27 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.10.22 22:22:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.22 22:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.22 22:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.22 22:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101287&mntrId=08e15996000000000000001f3c87b1c1
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Berat\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Berat\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Berat\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Flatcast Viewer Plugin 5.2.2.454 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DSStorageBalancer = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckplgojbgdomekllihgghmjehhpgdhhf\1.0_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\
CHR - Extension: TW Massrecruitment = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfeeicngjpeepmloeclapkmbmcipleb\1.0_0\
CHR - Extension: DS - Marktvorschlag = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\idjfkbihgamcdnbanhcckadahlbcfnbc\1.0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DS Market-Balancer = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhahieindcfmhpgoeaihbmlefebagmmj\1.0\
CHR - Extension: DS Assistent = C:\Users\Berat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjcjaegjhjfjihhlkilkpfbbbebajkma\1.0_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Berat\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFree.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (IslamicFinder: Accurate Prayer Times, Athan (Azan), Mosques (Masjids), Islamic Center, Muslim Owned Businesses, Hijri Calendar, Islamic Directory worldwide.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WirelessUSBManager] C:\Program Files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe (Wisair Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Berat\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Berat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Berat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://92.51.137.94/objects/NpFv522.dll (Flatcast Viewer 5.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA965A5-98FC-459C-B85C-C841DD139F12}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F009357B-70D0-4094-852E-2A8073318276}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Berat\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O24 - Desktop BackupWallPaper: C:\Users\Berat\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Fotogalerie-Hintergrundbild.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1f26ee65-f300-11de-b53e-001f3c87b1c1}\Shell - "" = AutoRun O33 - MountPoints2\{1f26ee65-f300-11de-b53e-001f3c87b1c1}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{37ef8d90-0f35-11e0-8172-001f3c87b1c1}\Shell - "" = AutoRun O33 - MountPoints2\{37ef8d90-0f35-11e0-8172-001f3c87b1c1}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{37ef8d90-0f35-11e0-8172-001f3c87b1c1}\Shell\install\command - "" = F:\autorun.exe O33 - 
MountPoints2\{5a38a859-b8c3-11df-8eb6-0023543d52cc}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\jrZIem.Exe O33 - MountPoints2\{e04ae476-7cfb-11df-8377-0023543d52cc}\Shell - "" = AutoRun O33 - MountPoints2\{e04ae476-7cfb-11df-8377-0023543d52cc}\Shell\AutoRun\command - "" = G:\DPFMate.exe O33 - MountPoints2\{fdfa83f6-7e8a-11df-85dd-0023543d52cc}\Shell - "" = AutoRun O33 - MountPoints2\{fdfa83f6-7e8a-11df-85dd-0023543d52cc}\Shell\AutoRun\command - "" = F:\DPFMate.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\steam.exe (Valve Corporation) MsConfig - State: "startup" - 2 
CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.02.15 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\Berat\AppData\Roaming\Malwarebytes [2012.02.15 19:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.15 19:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.15 19:23:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.15 19:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.15 16:26:50 | 000,000,000 | ---D | C] -- C:\Users\Berat\AppData\Roaming\froot [2012.02.09 20:54:56 | 000,000,000 | ---D | C] -- C:\Users\Berat\Desktop\Neuer ship [2007.01.24 11:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2012.02.15 19:26:31 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\bsfl.sys [2012.02.15 19:23:27 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.15 19:03:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.15 18:56:32 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.15 18:56:28 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 18:56:28 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.15 18:56:25 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.02.15 18:43:27 | 000,001,356 | ---- | M] () -- C:\Users\Berat\AppData\Local\d3d9caps.dat [2012.02.15 16:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.15 16:07:01 | 000,000,928 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000UA.job [2012.02.15 16:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000UA.job [2012.02.15 15:20:43 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Berat.job [2012.02.15 10:33:22 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{090556A9-9463-4EF4-B44A-E01CAA503B5F}.job [2012.02.15 10:16:38 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2012.02.14 21:00:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000Core.job [2012.02.10 17:07:39 | 000,114,688 | ---- | M] () -- C:\Users\Berat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.09 10:02:23 | 000,002,049 | ---- | M] () -- C:\Users\Berat\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012.02.15 19:26:31 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\bsfl.sys [2012.02.15 19:23:27 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.06.13 15:27:08 | 000,000,000 | ---- | C] () -- C:\Users\Berat\AppData\Local\{7B73C18E-B118-41FC-A318-6B0ACFFD228F} [2011.03.26 18:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd9.dll [2011.03.26 18:48:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dlumd10.dll [2011.01.04 23:09:26 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat [2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll 
[2010.12.26 17:47:49 | 000,081,738 | ---- | C] () -- C:\Windows\War3Unin.dat [2010.09.09 18:48:03 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.09 18:48:03 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.05.31 20:11:57 | 000,000,012 | ---- | C] () -- C:\Users\Berat\AppData\Roaming\vqdlkr.dat [2010.05.16 16:31:04 | 000,000,016 | ---- | C] () -- C:\Users\Berat\AppData\Roaming\qvjsge.dat [2010.05.10 12:37:52 | 000,142,848 | ---- | C] () -- C:\Windows\System32\drivers\WSR_RCI.SYS [2010.05.10 12:37:38 | 000,483,328 | ---- | C] () -- C:\Windows\System32\drivers\WSR_DWA.SYS [2010.05.10 12:37:14 | 000,794,624 | ---- | C] () -- C:\Windows\System32\drivers\WSR_HWA.SYS [2010.05.10 12:02:28 | 000,046,720 | ---- | C] () -- C:\Windows\System32\drivers\WSR_USF.sys [2010.04.18 11:56:40 | 000,098,944 | ---- | C] () -- C:\Windows\System32\drivers\WSR_CBA.SYS [2010.02.21 18:46:42 | 000,049,792 | ---- | C] () -- C:\Windows\System32\drivers\WSR_TBF.sys [2010.01.28 22:59:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.12.28 00:05:26 | 000,001,356 | ---- | C] () -- C:\Users\Berat\AppData\Local\d3d9caps.dat [2009.11.22 13:16:09 | 000,000,430 | ---- | C] () -- C:\Users\Berat\AppData\Roaming\burnaware.ini [2009.11.20 21:35:02 | 000,114,688 | ---- | C] () -- C:\Users\Berat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.15 18:03:53 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2008.08.15 18:03:50 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2008.08.15 18:03:39 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.08.15 17:58:31 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.08.15 17:56:01 | 000,000,024 | ---- | C] () -- C:\Windows\System32\ChkMail.ini [2008.08.15 16:24:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.04.16 12:11:34 | 000,618,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 12:11:34 | 000,290,748 | 
---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 12:11:34 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 12:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2007.12.20 15:02:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.12.20 14:33:43 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.11.08 10:54:33 | 000,159,146 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.10.01 07:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.08.06 10:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2007.05.09 08:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,371,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.03.09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2011.11.06 12:53:26 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\Babylon [2011.11.06 12:54:10 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\Canneverbe Limited [2011.09.23 17:26:30 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.09.17 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\Complitly [2010.12.24 09:13:09 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\DAEMON Tools Lite [2010.06.02 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\DeepBurner [2011.07.29 14:31:30 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\DVDVideoSoft [2011.03.29 17:50:47 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.15 19:26:31 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\froot [2011.09.11 22:05:48 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\ManyCam [2011.11.06 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\OpenCandy [2010.09.09 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\PC Suite [2010.09.09 18:44:40 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\Samsung [2012.02.13 19:49:31 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\SmsDiscount [2011.10.14 17:05:43 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\TeamViewer [2010.12.27 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\TS3Client [2011.11.06 12:54:22 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\Uniblue [2011.01.02 15:16:55 | 000,000,000 | ---D | M] -- C:\Users\Berat\AppData\Roaming\wsIRC [2012.02.15 18:56:25 | 000,000,260 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.01.08 04:07:00 | 
000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000Core.job [2012.02.15 16:07:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000UA.job [2012.02.14 23:31:07 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.02.15 10:33:22 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{090556A9-9463-4EF4-B44A-E01CAA503B5F}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.11.18 14:50:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.04.16 12:27:15 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.08.15 17:04:47 | 000,000,000 | ---D | M] -- C:\Intel [2008.08.15 16:26:15 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.15 19:23:25 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.15 19:23:26 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.08.15 17:48:47 | 000,000,000 | ---D | M] -- C:\RaidTool [2012.02.14 11:30:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.15 16:24:45 | 000,000,000 | ---D | M] -- C:\Temp [2009.11.18 14:44:26 | 000,000,000 | R--D | M] -- C:\Users [2011.12.15 10:52:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.01.21 03:24:24 | 002,927,104 | ---- | M] 
(Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys [2007.09.29 16:03:11 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2010.09.08 14:55:56 | 000,096,969 | ---- | M] () -- C:\Users\Berat\00322294000955.png [2010.02.12 04:26:49 | 000,010,632 | ---- | M] () -- C:\Users\Berat\bekim kumanova.jpg [2010.10.09 02:18:26 | 000,038,822 | ---- | M] () -- C:\Users\Berat\linz_1242_00066.jpg [2012.02.15 19:32:23 | 
004,718,592 | -HS- | M] () -- C:\Users\Berat\ntuser.dat [2012.02.15 19:32:23 | 000,262,144 | -H-- | M] () -- C:\Users\Berat\ntuser.dat.LOG1 [2009.11.18 14:44:27 | 000,000,000 | -H-- | M] () -- C:\Users\Berat\ntuser.dat.LOG2 [2010.01.05 02:07:58 | 000,065,536 | -HS- | M] () -- C:\Users\Berat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.01.05 02:07:58 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.11.18 16:14:53 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.02.12 08:59:43 | 000,065,536 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{40d64492-f996-11de-87a6-001f3c87b1c1}.TM.blf [2011.02.12 08:59:43 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{40d64492-f996-11de-87a6-001f3c87b1c1}.TMContainer00000000000000000001.regtrans-ms [2010.01.05 02:15:28 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{40d64492-f996-11de-87a6-001f3c87b1c1}.TMContainer00000000000000000002.regtrans-ms [2011.09.25 19:52:06 | 000,065,536 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{4cca7e25-36a1-11e0-8c60-001f3c87b1c1}.TM.blf [2011.09.25 19:52:06 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{4cca7e25-36a1-11e0-8c60-001f3c87b1c1}.TMContainer00000000000000000001.regtrans-ms [2011.02.12 16:39:42 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{4cca7e25-36a1-11e0-8c60-001f3c87b1c1}.TMContainer00000000000000000002.regtrans-ms [2012.02.15 18:55:34 | 000,065,536 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{7f80f0a5-e7a9-11e0-9d74-c1bba3e9be8d}.TM.blf [2012.02.15 18:55:34 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{7f80f0a5-e7a9-11e0-9d74-c1bba3e9be8d}.TMContainer00000000000000000001.regtrans-ms [2011.09.25 20:35:09 | 000,524,288 | -HS- | M] () -- 
C:\Users\Berat\ntuser.dat{7f80f0a5-e7a9-11e0-9d74-c1bba3e9be8d}.TMContainer00000000000000000002.regtrans-ms [2011.09.25 20:17:30 | 000,065,536 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{de91361a-e7a6-11e0-8f18-d6d1de520e52}.TM.blf [2011.09.25 20:17:30 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{de91361a-e7a6-11e0-8f18-d6d1de520e52}.TMContainer00000000000000000001.regtrans-ms [2011.09.25 20:05:48 | 000,524,288 | -HS- | M] () -- C:\Users\Berat\ntuser.dat{de91361a-e7a6-11e0-8f18-d6d1de520e52}.TMContainer00000000000000000002.regtrans-ms [2009.11.18 14:44:27 | 000,000,020 | -HS- | M] () -- C:\Users\Berat\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Extra: Code:
ATTFilter OTL Extras logfile created on: 15.02.2012 19:29:15 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Berat\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,38% Memory free 6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 133,87 Gb Total Space | 45,27 Gb Free Space | 33,81% Space Free | Partition Type: NTFS Drive D: | 89,25 Gb Total Space | 87,74 Gb Free Space | 98,31% Space Free | Partition Type: NTFS Computer Name: BERAT-PC | User Name: Berat | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B179399-4544-4852-9BD6-F2661F1BF647}" = lport=445 | protocol=6 | dir=in | app=system | "{14219EA2-38E7-4F7A-A682-4B39D18EA002}" = rport=137 | protocol=17 | dir=out | app=system | "{2B16C6CE-A5CC-4CB5-A7AA-0AD596E573FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{35323782-09B6-4AAB-A9B6-1C74B6221796}" = rport=138 | protocol=17 | dir=out | app=system | "{53141A96-39EE-48C4-9999-DC1617EA39BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{5D9676F9-FDC1-43B8-9355-37F8C1AECFB0}" = rport=445 | protocol=6 | dir=out | app=system | "{782F6F60-290F-474B-B541-6BCDC84B31B9}" = lport=139 | protocol=6 | dir=in | app=system | "{7B101F2D-C696-4F8E-8216-3A36B7521265}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7CAB9CDA-A403-4349-B288-487B9A44BA0C}" = lport=137 | protocol=17 | dir=in | app=system | "{83A3EA7A-61E2-4924-88B0-93897D14C1F6}" = lport=138 | protocol=17 | dir=in | app=system | "{99576FE1-DE61-4C92-A811-AB284EFE2347}" = rport=139 | protocol=6 | dir=out | app=system | "{DB23FB6E-72C5-453C-AAB6-DE3DA31E79BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DB40C60D-9F22-421E-8680-45994A41998E}" = lport=2869 | protocol=6 | 
dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{095C4FF8-3621-4888-81D0-44CBE53D049C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{1CD3AA9E-E57E-4D71-BE4D-5CFB13A2DB3B}" = protocol=6 | dir=in | app=c:\users\berat\downloads\sweetimsetup(4).exe | "{216ED0D4-3CD4-4A27-9DB8-C891C10C2B14}" = protocol=17 | dir=in | app=c:\users\berat\downloads\sweetimsetup.exe | "{2426DF62-C530-46C8-8192-C9385A66B530}" = protocol=6 | dir=in | app=c:\users\berat\downloads\sweetimsetup(3).exe | "{246F45B8-760F-4582-8815-D0DBC4A4BB4F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{33D82010-AA34-41B6-AB99-ADDE3037E606}" = dir=in | app=c:\program files\itunes\itunes.exe | "{558360F4-C99E-483B-890A-E4A7859EB4A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C43802A-16BE-4952-B185-E6A77EE6027D}" = protocol=17 | dir=in | app=c:\users\berat\downloads\sweetimsetup(4).exe | "{5CFB7F63-E4EC-41C2-8A2D-E842512A76DC}" = protocol=17 | dir=in | app=c:\users\berat\downloads\sweetimsetup(3).exe | "{5F605075-98A1-44B6-BAD8-D968E14493F2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{616A600D-3234-44E5-872F-03D60D55A44A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6594D1DF-7727-49F6-8C66-2477F0289DB8}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{6A2ED1CF-A105-4E25-9B00-89B7518FC9F6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{6E45622A-401D-49D0-A3D5-1E97100A566A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | "{6F7E9181-0EA0-4C9E-91F0-3B861B47FF46}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{7CEB15C1-46CB-40F5-9589-8EAA908C7EBB}" = dir=in | 
app=c:\users\berat\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{87A1674F-6304-45B8-B2C5-3D3D361B7C76}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{954D7977-756E-4EE7-AA29-08236FEB5D06}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{95E0A4E1-1AA4-42A0-8EB8-7EE8479EFF45}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{972032A0-5619-44EF-BAA6-E6DF737D7628}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{98A5A84A-1F6C-4CA4-96A3-E84A610730E6}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{9A10A49D-3E8A-479E-AE30-DC861BA01065}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A143B558-67A7-4940-8ADA-74F1597F8FA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe | "{A4D87FE2-45D3-4D71-9298-126B3F62D5EC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{A8B0B3BF-C1F6-42AB-B686-C72AF7E74F5E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{B0F5A85E-4FAE-4C44-BFA9-65B84C938E24}" = protocol=17 | dir=in | app=c:\program files\smsdiscount.com\smsdiscount\smsdiscount.exe | "{B2431A8D-F9FA-4C5C-B663-0D8969764B9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C11EAD8A-EECC-47DF-BA59-BE52B90C8588}" = protocol=6 | dir=in | app=e:\hiw\stinstall.exe | "{C7E57A3B-5486-477D-8BF5-F2D59FFB673B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C811C791-ABB7-4208-BFE8-EF1986EDD343}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CE74CF4D-66D5-4345-816A-A81D96E09A2B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{D2FC39EB-5A25-4511-9C0B-A644CA30B050}" = protocol=17 | dir=in | app=e:\hiw\stinstall.exe | "{E6819C98-8AB9-457F-9461-38E54929056E}" = protocol=6 | dir=in | 
app=c:\users\berat\downloads\sweetimsetup.exe | "{ED3D21E9-3CCD-4EFA-981C-13B82072C1F3}" = protocol=6 | dir=in | app=c:\program files\smsdiscount.com\smsdiscount\smsdiscount.exe | "{FB54E73F-C4E9-4E81-A3FA-0BD71011DD3E}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | "{FE6A5130-BEAF-432D-992D-4D92AEFEB22A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{17D4B02F-1445-4780-9DB6-B71E93CD811C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{30143B5E-7517-4712-9571-034E542572CF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{84A8D46E-DD3B-4387-8B9D-A686CDAB5E60}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{A2228783-39CC-40DB-859D-C4B99F869E3E}D:\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\warcraft iii\war3.exe | "TCP Query User{F933CEA4-B78B-43A4-91EB-3549F66CF7C9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{424C64A5-206E-40E7-B012-970213BAFCE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{7DEA36BB-4FEC-4DBD-92A4-73CFCF5ED2A0}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{A84C00BE-ED2E-4D4A-BBA7-3F62A46710BE}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{DF2C465D-13AC-46D4-80E3-DF8297DFEDD5}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{FA2615A3-76D9-4CF1-8895-5DA6FFBC6D4E}D:\warcraft iii\war3.exe" = protocol=17 | dir=in | 
app=d:\warcraft iii\war3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1 "{025F9C8B-27B3-76B0-08E8-4EB918DE287B}" = Catalyst Control Center Localization Dutch "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0813BDD1-7E8E-4F18-A13C-037CDD7F9A48}" = Catalyst Control Center Localization Chinese Traditional "{0B3ED35F-3BDC-72FE-3477-A7CA54325F06}" = CCC Help Chinese Traditional "{0B950F52-0FD9-C679-6FD0-C4D4F43ACA3E}" = Catalyst Control Center Localization Greek "{0E4DC8EF-9438-AEEF-A042-851C2EA86FEA}" = Catalyst Control Center Localization Finnish "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1A915E9E-75A0-5FD6-53C3-D2E5EDA27B52}" = Catalyst Control Center Localization Polish "{1BDCA62C-699A-A3C2-57C6-D496414BA297}" = Catalyst Control Center Graphics Full New "{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager "{1CE34A07-F95C-C749-B8FB-10BEFBB5D917}" = Catalyst Control Center Localization Swedish "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22AD2DF3-00C4-68EB-8D2A-C5AC60BDA907}" = CCC Help Greek "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2396F815-84E0-4353-83D7-8B190556DA42}" = ASUS CopyProtect "{24339461-1E3B-290E-613E-B0B234B64ABE}" = Catalyst Control Center Localization Japanese "{250F0996-1830-40C8-9B1D-6874D808DD95}" = ChkMail "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29 "{27DB888F-A703-E898-6261-D84260EF93DA}" = Catalyst Control Center Core Implementation "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{337C0055-BE59-63E5-72AE-DAED46ED980B}" = CCC Help Korean "{342D2010-703F-2098-441E-F96F532EBD09}" = CCC Help Chinese Standard "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = 
Apple Application Support "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3A9A74B7-DAE0-EB01-E51A-D2A6720CF135}" = CCC Help Japanese "{3E7CE151-F6EC-8550-9B73-427F6A89AC42}" = CCC Help Polish "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45936E5D-5CEB-A100-8694-B62523FD99C6}" = Catalyst Control Center Localization German "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BE52CD7-9B51-F4D8-ED51-8E89324F3EBD}" = Catalyst Control Center Localization Norwegian "{4EE9DA0A-4CED-1FB9-3231-24C85855A387}" = Catalyst Control Center Localization Spanish "{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly "{50DD51CF-31D8-7831-D4E8-E13E0A736D93}" = Catalyst Control Center Localization Russian "{52159193-1EA1-B129-7C03-7120CB0C502E}" = CCC Help Portuguese "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{52E43F33-7D7C-3209-0539-1B2A43010E0D}" = Catalyst Control Center Localization Turkish "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58752780-E21C-A458-2397-BD8D5E3CB0C1}" = Catalyst Control Center Localization Portuguese "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites 
"{6602C18D-52EC-BB1F-C3B9-EFF2F1463A58}" = Catalyst Control Center Localization Thai "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager "{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{77AD4A77-F70F-84BC-B52B-91DAB868EF27}" = CCC Help Czech "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.1.0 "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{872717DD-EE82-F142-4DF7-0308772A8DE4}" = ccc-utility "{88D44595-9B8E-38FF-7CD9-F5A1423BA2D6}" = Catalyst Control Center Graphics Light "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8D3D4041-DA1D-F814-B37E-ABF774556DAA}" = Catalyst Control Center Localization Italian "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900F0963-B211-5692-EEEC-4DFF6F7321F6}" = CCC Help Swedish "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91AA9814-7B89-DA53-5FCA-EBDCDAC4F611}" = CCC Help Italian 
"{92C98289-5C00-4A4E-03ED-6E59F7D73435}" = Catalyst Control Center Localization Chinese Standard "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{97C9E93A-7DEA-37C2-50F0-E6172D91DEE6}" = CCC Help German "{97F73E68-213C-6F88-A590-9C600186E36C}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BF9D522-7FA6-D442-9769-558E3B4503F0}" = Skins "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB870B63-94EF-0B0A-340E-62CAF5D48B17}" = CCC Help French "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B6512E97-FFA8-6A76-4B07-036784E56A7B}" = Catalyst Control Center Localization Czech "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes "{B8F1FA25-D1F3-5DEB-5AE2-18E72A2955CA}" = Catalyst Control Center Localization Danish "{B935DAF9-605C-A1F8-7A4E-BE87E82B7237}" = CCC Help Norwegian "{C0BAF48F-940E-7AC7-63B3-BDFAF8A6CCA5}" = CCC Help Thai "{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology "{C1B22596-9F6C-6795-F374-D6843ABA8A9A}" = Catalyst Control Center Localization Korean "{C1D783C5-D3ED-D03E-59CE-1FCC0C059B0F}" = ATI Catalyst Install Manager "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C376495E-6F9D-2A3A-329E-960682A22B3B}" = Catalyst Control Center Localization Hungarian "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6FB5BC4-823A-FE8B-01CB-3A7F51B4C9C2}" = ccc-core-static "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D02505DA-696D-4114-84F7-72A468A074B9}" = devolo Vianect AIR TV "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D8438AE5-4BE7-CEC7-D0AA-189B34C4628F}" = CCC Help Dutch "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DF4EB70F-6EBF-AD9E-AF89-D1398A284C86}" = Catalyst Control Center Graphics Previews Common "{E037311F-0715-DB85-4394-6B09A66605C0}" = CCC Help Spanish "{E1D0A2DB-9B8D-E7B1-295B-DDAB0B9A423F}" = Catalyst Control Center Localization French "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EAF8F949-849D-9E39-2A86-0DB83A90405B}" = Catalyst Control Center Graphics Full Existing "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EDFE36E7-B60E-BF8E-F2DF-0DD61B1E3CAE}" = CCC Help Hungarian "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F656696C-CF30-03E5-03A8-05078E02ACEB}" = CCC Help Danish "{F6CAF803-A534-705F-A673-A04FCEC5AFC9}" = CCC Help Russian "{F7F10613-0F49-4001-AC23-B6F5163F838D}" = DisplayLink Core Software "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P "{FCABF3BF-D716-980B-F463-32D5734A3DB4}" = CCC Help English "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE0C4C63-56C1-087C-3404-C547405FCEA7}" = Catalyst Control Center Graphics Previews Vista "{FE44D8AC-80B2-A8BA-291F-59109DE96C11}" = CCC Help Turkish "2EFF310ED3BF3BFB24E6CC25AEB5491813E56803" = Windows Driver Package - ITE Tech.Inc. 
(itecir) HIDClass (06/20/2007 5.0.0004.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "AC3Filter" = AC3Filter (remove only) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Athan" = Athan Basic 4.2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "BurnAware Free_is1" = BurnAware Free 2.4.1 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "conduitEngine" = Conduit Engine "Die Gilde Gold Update v. 2.06 " = Die Gilde Gold Update v. 2.06 "Die Gilde Gold-Edition" = Die Gilde Gold-Edition "DivX Setup.divx.com" = DivX-Setup "DotAlicious Gaming Client" = DotAlicious Gaming Client "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722 "Freecorder Toolbar" = Freecorder Toolbar "Freecorder4.12" = Freecorder 4 "Freecorder5.05" = Freecorder 5 "Garena" = Garena 2010 "HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM "InstallShield_{6D45461F-F0FF-4E32-A16D-C636722FCA12}" = devolo Vianect AIR Manager "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "ManyCam" = ManyCam 2.6.55 (remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26) "NSS" = Norton Security Scan "PROHYBRIDR" = 2007 Microsoft Office system "RealPlayer 12.0" = RealPlayer "SmsDiscount_is1" = SmsDiscount "SMSERIAL" = Motorola SM56 Speakerphone Modem "Steam App 570" = Dota 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver 
"TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 6" = TeamViewer 6 "TeamViewer 7" = TeamViewer 7 "Uninstall_is1" = Uninstall 1.0.0.1 "USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam "USB MP3 Player WIN98 Drivers" = USB MP3 Player WIN98 Drivers "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.18.1.0b "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Warcraft III" = Warcraft III: All Products "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.11.2010 03:55:21 | Computer Name = Berat-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2010 11:37:18 | Computer Name = Berat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.11.2010 11:37:18 | Computer Name = Berat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.11.2010 11:38:19 | Computer Name = Berat-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2010 18:36:07 | Computer Name = Berat-PC | Source = EventSystem | ID = 4621 Description = Error - 18.11.2010 05:23:51 | Computer Name = Berat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.11.2010 05:23:51 | Computer Name = Berat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 18.11.2010 05:24:56 | Computer Name = Berat-PC | Source = WinMgmt | ID = 10 Description = Error - 18.11.2010 08:50:25 | Computer Name = Berat-PC | Source = EventSystem | ID = 4621 Description = Error - 18.11.2010 09:39:51 | Computer Name = Berat-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ OSession Events ] Error - 24.05.2010 13:17:44 | Computer Name = Berat-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office 
Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 20.02.2011 19:15:48 | Computer Name = Berat-PC | Source = DCOM | ID = 10010 Description = Error - 21.02.2011 02:51:38 | Computer Name = Berat-PC | Source = HTTP | ID = 15016 Description = Error - 21.02.2011 02:52:24 | Computer Name = Berat-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 21.02.2011 18:47:25 | Computer Name = Berat-PC | Source = DCOM | ID = 10010 Description = Error - 22.02.2011 05:52:49 | Computer Name = Berat-PC | Source = HTTP | ID = 15016 Description = Error - 22.02.2011 05:53:29 | Computer Name = Berat-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 22.02.2011 18:37:32 | Computer Name = Berat-PC | Source = DCOM | ID = 10010 Description = Error - 23.02.2011 04:13:28 | Computer Name = Berat-PC | Source = HTTP | ID = 15016 Description = Error - 23.02.2011 04:14:06 | Computer Name = Berat-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 23.02.2011 07:06:10 | Computer Name = Berat-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 23.02.2011 um 12:01:18 unerwartet heruntergefahren. < End of report > |
15.02.2012, 20:43 | #4 |
/// Malware-holic | Ukash-BKA Trojan - Ransomware Open Malwarebytes and post all reports.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.02.2012, 20:46 | #5 |
| Ukash-BKA Trojan - Ransomware I had only just installed it while I was still waiting for your first reply. I ran a process scan. Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.03

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Berat :: BERAT-PC [Administrator]

Schutz: Deaktiviert

15.02.2012 19:24:36
mbam-log-2012-02-15 (19-24-36).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 127244
Laufzeit: 1 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|froot (Trojan.VUPX.TP1) -> Daten: C:\Users\Berat\AppData\Roaming\froot\froot.exe -b -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Berat\AppData\Roaming\froot\froot.exe (Trojan.VUPX.TP1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
15.02.2012, 20:58 | #6 |
/// Malware-holic | Ukash-BKA Trojaner - Ransomware Hi, you can go back to normal mode, but only browse the sites I name, as the machine has several security holes. ComboFix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
15.02.2012, 22:10 | #7 |
| Ukash-BKA Trojaner - Ransomware Code:
ATTFilter ComboFix 12-02-15.01 - Berat 15.02.2012 21:20:20.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3070.1963 [GMT 1:00] ausgeführt von:: c:\users\Berat\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\iun6002.exe c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-15 bis 2012-02-15 )))))))))))))))))))))))))))))) . . 2012-02-15 20:49 . 2012-02-15 20:50 -------- d-----w- c:\users\Berat\AppData\Local\temp 2012-02-15 20:49 . 2012-02-15 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-15 18:23 . 2012-02-15 18:23 -------- d-----w- c:\users\Berat\AppData\Roaming\Malwarebytes 2012-02-15 18:23 . 2012-02-15 18:23 -------- d-----w- c:\programdata\Malwarebytes 2012-02-15 18:23 . 2012-02-15 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-15 18:23 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-15 15:26 . 2012-02-15 18:26 -------- d-----w- c:\users\Berat\AppData\Roaming\froot . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-15 20:04 . 2008-08-15 16:58 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-12-15 10:37 . 2011-12-15 10:37 1207568 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-11-21 15:25 . 2011-06-01 20:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFree.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-08-23 19:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688] "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-05 3370296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-05 860472] "DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296] "Facebook Update"="c:\users\Berat\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-25 137536] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-08-15 33136] "ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-08-15 37232] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "WirelessUSBManager"="c:\program files\devolo Vianect AIR Manager\Components\WirelessUSBManager\WirelessUSBManager.exe" [2010-06-24 2516816] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-06-16 220552] "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-11-04 273528] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-10-26 74752] "Athan"="c:\program files\Athan\Athan.exe" [2011-11-20 1204224] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . c:\users\Berat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2011-11-12 18:57 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMPROTECTOR . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-02-15 c:\windows\Tasks\DriverScanner.job - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-11-06 10:22] . 2012-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000Core.job - c:\users\Berat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 03:02] . 2012-02-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000UA.job - c:\users\Berat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-25 03:02] . 
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 13:28] . 2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-30 13:28] . 2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000Core.job - c:\users\Berat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-11 14:41] . 2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376503035-571490600-4091970899-1000UA.job - c:\users\Berat\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-11 14:41] . 2012-02-15 c:\windows\Tasks\Norton Security Scan for Berat.job - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-10-27 23:02] . 2012-02-15 c:\windows\Tasks\User_Feed_Synchronization-{090556A9-9463-4EF4-B44A-E01CAA503B5F}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://google.at/ uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Berat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.0.1 DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll FF - ProfilePath - c:\users\Berat\AppData\Roaming\Mozilla\Firefox\Profiles\g4impjmr.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - google.at FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program 
files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: CNExtend: cnextend@babelphish.net - %profile%\extensions\cnextend@babelphish.net FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) HKCU-Run-DU Meter - c:\program files\DU Meter\DUMeter.exe AddRemove-Athan - c:\windows\iun6002.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-02-15 21:50 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . C:\ADSM_PData_0150 . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-02-15 22:03:22 ComboFix-quarantined-files.txt 2012-02-15 21:03 . Vor Suchlauf: 8 Verzeichnis(se), 45.331.279.872 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 47.943.376.896 Bytes frei . - - End Of File - - D56CAC11C4A4F9195874DA9440DA9975 |
16.02.2012, 12:55 | #8 |
/// Malware-holic | Ukash-BKA Trojaner - Ransomware Download CCleaner Standard: CCleaner Download - CCleaner 3.15.1643. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as txt. Open the file. Next to every program you need, write "necessary"; next to every one you do not need, "unnecessary"; next to those you do not recognise, "unknown". Post the list.
16.02.2012, 14:55 | #9 |
| Ukash-BKA Trojaner - Ransomware Phew, that is difficult. As I said, it is not my laptop, so it is hard for me to decide. I have marked all the unnecessary programs. Everything else I would rather keep, unless you say something is a total no-go or the like. Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 14.08.2008 1.022MB 12.0.4518.1014 AC3Filter (remove only) 18.11.2009 4,16MB Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 14.08.2008 13,5MB Adobe AIR Adobe Systems Incorporated 22.09.2011 30,1MB 2.7.1.19610 Adobe Download Assistant Adobe Systems Incorporated 22.09.2011 2,88MB 1.0.4 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 20.11.2011 11.1.102.55 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.11.2011 11.1.102.55 Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 17.11.2009 99,6MB 8.1.2 Apple Application Support Apple Inc. 13.12.2011 61,2MB 2.1.6 Apple Mobile Device Support Apple Inc. 14.12.2011 24,1MB 4.0.0.97 Apple Software Update Apple Inc. 13.12.2011 2,38MB 2.1.3.127 Ask Toolbar Ask.com 13.09.2011 5,59MB 1.13.1.0 <--- unnötig ASUS CopyProtect ASUS 14.08.2008 5,11MB 1.00.0004 ASUS Data Security Manager ASUS 14.08.2008 4,95MB 1.00.0006 ASUS InstantFun ASUS 14.08.2008 14,6MB 1.0.0015 ASUS LifeFrame3 ASUS 14.08.2008 27,7MB 3.0.6 ASUS Live Update ASUS 14.08.2008 0,46MB 2.5.6 ASUS MultiFrame 17.11.2009 1,19MB 1.0.0016 ASUS SmartLogon ASUS 14.08.2008 10,5MB 1.0.0004 ASUS Splendid Video Enhancement Technology ASUS 14.08.2008 16,6MB 1.02.0020 ASUS Virtual Camera asus 17.11.2009 2,71MB 1.0.08 Asus_Camera_ScreenSaver ASUS 14.08.2008 2.0.0006 ATI Catalyst Install Manager ATI Technologies, Inc. 14.08.2008 13,9MB 3.0.657.0 ATK Generic Function Service ATK 14.08.2008 0,45MB 1.00.0008 ATK Hotkey ATK 14.08.2008 5,86MB 1.00.0027 ATK Media 14.08.2008 0,63MB ATKOSD2 ATK 14.08.2008 7,38MB 6.64.1.6 Avira AntiVir Personal - Free Antivirus Avira GmbH 24.02.2010 85,5MB Babylon toolbar on IE 05.11.2011 1,75MB <--- unnötig Bonjour Apple Inc. 
14.12.2011 1,03MB 3.0.0.10 BurnAware Free 2.4.1 Burnaware Technologies 21.11.2009 16,0MB CCleaner Piriform 15.02.2012 4,24MB 3.15 CDBurnerXP CDBurnerXP 05.11.2011 17,3MB 4.3.9.2762 ChkMail ChkMail 14.08.2008 0,71MB 2.0.0.16 Complitly 16.09.2011 0,78MB Conduit Engine Conduit Ltd. 16.09.2011 4,28MB <---unnötig CyberLink LabelPrint CyberLink Corp. 14.08.2008 86,4MB 2.0.2830 devolo Vianect AIR Manager devolo AG 25.03.2011 8,33MB 14.2.51.16 devolo Vianect AIR TV devolo 26.03.2011 1,23MB 5.3.26044.0 Die Gilde Gold Update v. 2.06 Die Gilde Gold-Edition 23.12.2010 1.000MB DisplayLink Core Software DisplayLink Corp. 25.03.2011 13,8MB 5.3.24903.0 DivX-Setup DivX, LLC 01.05.2011 2,20MB 2.5.0.8 Dota 2 11.11.2011 3.006MB DotAlicious Gaming Client 26.12.2010 15,2MB Facebook Video Calling 1.1.1.1 Skype Limited 25.01.2012 3,93MB 1.1.1 Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 28.03.2011 2,60MB Free YouTube to MP3 Converter version 3.10.5.722 DVDVideoSoft Limited. 28.07.2011 2,67MB Freecorder 4 Applian Technologies Inc. 28.03.2011 10,8MB 4.12 Freecorder 5 Applian Technologies Inc. 16.09.2011 15,8MB 5.05 Freecorder Toolbar Freecorder 16.09.2011 15,8MB 6.3.3.3 Garena 2010 Garena Online Pte Ltd. 30.12.2010 30,8MB 2010 Google Chrome Google Inc. 10.03.2010 157,9MB 17.0.963.46 Google Earth Google 14.11.2011 92,8MB 6.1.0.5001 GTA San Andreas Rockstar Games 25.07.2010 4.811MB 1.00.00001 HSPA USB MODEM Alcatel 04.01.2010 4,54MB ITECIR Driver ITE 14.08.2008 1,82MB 1.00.000 iTunes Apple Inc. 13.12.2011 169,6MB 10.5.2.11 Java(TM) 6 Update 29 Sun Microsystems, Inc. 13.12.2009 95,0MB 6.0.290 JMB36X Raid Configurer JMICRON Technology Corp. 
14.08.2008 2,26MB 1.00.0000 LightScribe System Software 1.12.37.1 LightScribe 14.08.2008 20,9MB 1.12.37.1 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.02.2012 11,5MB 1.60.1.1000 <---unnötig ManyCam 2.6.55 (remove only) ManyCam LLC 10.09.2011 14,6MB 2.6.55 Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.09.2010 28,0MB Microsoft Office Live Add-in 1.3 Microsoft Corporation 25.01.2010 0,48MB 2.0.2313.0 Microsoft Office Outlook Connector Microsoft Corporation 25.01.2010 6,13MB 12.0.6423.1000 Microsoft Silverlight Microsoft Corporation 18.11.2009 14,9MB 3.0.40624.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 26.01.2010 1,74MB 3.1.0000 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.08.2008 2,37MB 8.0.50727.42 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.02.2010 0,58MB 9.0.30729 Motorola SM56 Speakerphone Modem 14.08.2008 1,91MB Mozilla Firefox (3.6.26) Mozilla 31.01.2012 31,7MB 3.6.26 (de) NB Probe 14.08.2008 2,76MB Norton Security Scan Symantec Corporation 26.10.2011 12,2MB 3.5.1.8 P4P P4P 14.08.2008 0,75MB 1.0.0.16 PC Connectivity Solution Nokia 08.09.2010 11,0MB 8.47.7.0 PDF24 Creator 3.1.0 PDF24.org 20.06.2011 34,9MB Power2Go CyberLink Corp. 14.08.2008 93,3MB 5.6.3917 Power4Gear eXtreme ATK 14.08.2008 1.00.0014 QuickTime Apple Inc. 16.12.2010 73,7MB 7.69.80.9 RealPlayer RealNetworks 03.11.2011 92,7MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.08.2008 16,0MB 6.0.1.5548 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 14.08.2008 1,93MB 3.52.02 Samsung Kies Samsung Electronics Co., Ltd. 14.01.2011 160,5MB 2.0.0.11011_16 SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 14.02.2012 31,8MB 1.3.1800.0 SimCity 4 Deluxe 03.01.2011 1.180MB Skype™ 4.1 Skype Technologies S.A. 02.01.2010 25,0MB 4.1.179 SmsDiscount Finarea S.A. 
Switzerland 17.11.2009 10,7MB 4.04 build 550 Steam Valve Corporation 12.11.2011 35,5MB 1.0.0.0 Synaptics Pointing Device Driver Synaptics 14.08.2008 13,7MB 10.1.8.0 TeamSpeak 3 Client TeamSpeak Systems GmbH 25.12.2010 29,4MB TeamViewer 6 TeamViewer GmbH 10.05.2011 55,6MB 6.0.10511 TeamViewer 7 TeamViewer 30.12.2011 106,1MB 7.0.12313 Uniblue DriverScanner Uniblue Systems Ltd 05.11.2011 25,9MB 4.0.1.6 Uninstall 1.0.0.1 28.03.2011 17,7MB USB 2.0 1.3M UVC WebCam 14.08.2008 USB MP3 Player WIN98 Drivers 16.01.2010 4,00KB Warcraft III 25.12.2010 1.167MB Warcraft III: All Products 25.12.2010 1.167MB Warkeys 1.18.1.0b 25.12.2010 15,2MB 1.18.1.0b Winamp Nullsoft, Inc 03.11.2011 61,8MB 5.622 Winamp Erkennungs-Plug-in Nullsoft, Inc 03.11.2011 0,15MB 1.0.0.1 Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2) ITE Tech.Inc. 14.08.2008 06/20/2007 5.0.0004.2 Windows Live Anmelde-Assistent Microsoft Corporation 17.11.2009 1,93MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 20.01.2011 116,8MB 14.0.8117.0416 Windows Live Sync Microsoft Corporation 20.01.2011 2,79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 18.11.2009 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 10.03.2010 0,29MB 1.0.0.8 Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 08.09.2010 08/22/2008 7.0.0.0 WinFlash 14.08.2008 1,36MB WinRAR 26.12.2009 3,78MB Wireless Console 2 ATK 14.08.2008 1,59MB 2.0.8 |
16.02.2012, 15:48 | #10 |
/// Malware-holic | Ukash-BKA Trojaner - Ransomware Then just ask the owner...
16.02.2012, 18:05 | #11 |
| Ukash-BKA Trojaner - Ransomware I would have done that long ago if I had had the chance. But I have now tried again. Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 14.08.2008 1.022MB 12.0.4518.1014 <---- nötig AC3Filter (remove only) 18.11.2009 4,16MB <---- nötig Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 14.08.2008 13,5MB <---- nötig Adobe AIR Adobe Systems Incorporated 22.09.2011 30,1MB 2.7.1.19610 <---- nötig Adobe Download Assistant Adobe Systems Incorporated 22.09.2011 2,88MB 1.0.4 <---- nötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 20.11.2011 11.1.102.55 <---- nötig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.11.2011 11.1.102.55 <---- nötig Adobe Reader 8.1.2 - Deutsch Adobe Systems Incorporated 17.11.2009 99,6MB 8.1.2 <---- nötig Apple Application Support Apple Inc. 13.12.2011 61,2MB 2.1.6 <---- nötig Apple Mobile Device Support Apple Inc. 14.12.2011 24,1MB 4.0.0.97 <---- nötig Apple Software Update Apple Inc. 13.12.2011 2,38MB 2.1.3.127 <---- nötig Ask Toolbar Ask.com 13.09.2011 5,59MB 1.13.1.0 <--- unnötig ASUS CopyProtect ASUS 14.08.2008 5,11MB 1.00.0004 ASUS Data Security Manager ASUS 14.08.2008 4,95MB 1.00.0006 ASUS InstantFun ASUS 14.08.2008 14,6MB 1.0.0015 ASUS LifeFrame3 ASUS 14.08.2008 27,7MB 3.0.6 <----- das ist alles von anfang an drin gewesen ASUS Live Update ASUS 14.08.2008 0,46MB 2.5.6 ASUS MultiFrame 17.11.2009 1,19MB 1.0.0016 ASUS SmartLogon ASUS 14.08.2008 10,5MB 1.0.0004 ASUS Splendid Video Enhancement Technology ASUS 14.08.2008 16,6MB 1.02.0020 ASUS Virtual Camera asus 17.11.2009 2,71MB 1.0.08 Asus_Camera_ScreenSaver ASUS 14.08.2008 2.0.0006 ATI Catalyst Install Manager ATI Technologies, Inc. 14.08.2008 13,9MB 3.0.657.0 ATK Generic Function Service ATK 14.08.2008 0,45MB 1.00.0008 ATK Hotkey ATK 14.08.2008 5,86MB 1.00.0027 ATK Media 14.08.2008 0,63MB ATKOSD2 ATK 14.08.2008 7,38MB 6.64.1.6 Avira AntiVir Personal - Free Antivirus Avira GmbH 24.02.2010 85,5MB Babylon toolbar on IE 05.11.2011 1,75MB <--- unnötig Bonjour Apple Inc. 
14.12.2011 1,03MB 3.0.0.10 <--- nötig BurnAware Free 2.4.1 Burnaware Technologies 21.11.2009 16,0MB <--- nötig CCleaner Piriform 15.02.2012 4,24MB 3.15 <--- kommt von dir CDBurnerXP CDBurnerXP 05.11.2011 17,3MB 4.3.9.2762 <--- unnötig ChkMail ChkMail 14.08.2008 0,71MB 2.0.0.16 <---- keine ahnung was das ist Complitly 16.09.2011 0,78MB <--- keine ahnugn was das ist Conduit Engine Conduit Ltd. 16.09.2011 4,28MB <---unnötig CyberLink LabelPrint CyberLink Corp. 14.08.2008 86,4MB 2.0.2830 <--- keine ahnung was das ist devolo Vianect AIR Manager devolo AG 25.03.2011 8,33MB 14.2.51.16 <--- nötig devolo Vianect AIR TV devolo 26.03.2011 1,23MB 5.3.26044.0 <--- nötig Die Gilde Gold Update v. 2.06 <--- unnötig Die Gilde Gold-Edition 23.12.2010 1.000MB <---unnötig DisplayLink Core Software DisplayLink Corp. 25.03.2011 13,8MB 5.3.24903.0 <--- keine ahnugn was das ist DivX-Setup DivX, LLC 01.05.2011 2,20MB 2.5.0.8 <--- nötig Dota 2 11.11.2011 3.006MB <---nötig DotAlicious Gaming Client 26.12.2010 15,2MB <---nötig Facebook Video Calling 1.1.1.1 Skype Limited 25.01.2012 3,93MB 1.1.1 <--- unnötig Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 28.03.2011 2,60MB <---- nötig Free YouTube to MP3 Converter version 3.10.5.722 DVDVideoSoft Limited. 28.07.2011 2,67MB <---- nötig Freecorder 4 Applian Technologies Inc. 28.03.2011 10,8MB 4.12 Freecorder 5 Applian Technologies Inc. 16.09.2011 15,8MB 5.05 <--- unnötig Freecorder Toolbar Freecorder 16.09.2011 15,8MB 6.3.3.3 Garena 2010 Garena Online Pte Ltd. 30.12.2010 30,8MB 2010 <--- unnötig Google Chrome Google Inc. 10.03.2010 157,9MB 17.0.963.46 <---nötig Google Earth Google 14.11.2011 92,8MB 6.1.0.5001 <---unnötig GTA San Andreas Rockstar Games 25.07.2010 4.811MB 1.00.00001 <--nötig HSPA USB MODEM Alcatel 04.01.2010 4,54MB <- nötig ITECIR Driver ITE 14.08.2008 1,82MB 1.00.000 <---- keine ahnugn was das ist iTunes Apple Inc. 13.12.2011 169,6MB 10.5.2.11 <- nötig Java(TM) 6 Update 29 Sun Microsystems, Inc. 
13.12.2009 95,0MB 6.0.290 <--- needed
JMB36X Raid Configurer JMICRON Technology Corp. 14.08.2008 2,26MB 1.00.0000 <--- no idea what this is
LightScribe System Software 1.12.37.1 LightScribe 14.08.2008 20,9MB 1.12.37.1 <--- no idea what this is
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.02.2012 11,5MB 1.60.1.1000 <--- needed
ManyCam 2.6.55 (remove only) ManyCam LLC 10.09.2011 14,6MB 2.6.55 <--- unneeded
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 08.09.2010 28,0MB
Microsoft Office Live Add-in 1.3 Microsoft Corporation 25.01.2010 0,48MB 2.0.2313.0
Microsoft Office Outlook Connector Microsoft Corporation 25.01.2010 6,13MB 12.0.6423.1000 <--- Microsoft stuff is needed
Microsoft Silverlight Microsoft Corporation 18.11.2009 14,9MB 3.0.40624.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 26.01.2010 1,74MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.08.2008 2,37MB 8.0.50727.42
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 25.02.2010 0,58MB 9.0.30729 <--- unneeded
Motorola SM56 Speakerphone Modem 14.08.2008 1,91MB
Mozilla Firefox (3.6.26) Mozilla 31.01.2012 31,7MB 3.6.26 (de)
NB Probe 14.08.2008 2,76MB <--- no idea what this is
Norton Security Scan Symantec Corporation 26.10.2011 12,2MB 3.5.1.8 <--- no idea what this is (or where it came from)
P4P P4P 14.08.2008 0,75MB 1.0.0.16 <--- no idea what this is
PC Connectivity Solution Nokia 08.09.2010 11,0MB 8.47.7.0 <--- no idea what this is
PDF24 Creator 3.1.0 PDF24.org 20.06.2011 34,9MB <---- unneeded
Power2Go CyberLink Corp. 14.08.2008 93,3MB 5.6.3917
Power4Gear eXtreme ATK 14.08.2008 1.00.0014 <---- I think both of these are part of the standard equipment
QuickTime Apple Inc. 16.12.2010 73,7MB 7.69.80.9
RealPlayer RealNetworks 03.11.2011 92,7MB <---- both players needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 14.08.2008 16,0MB 6.0.1.5548
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 14.08.2008 1,93MB 3.52.02 <--- no idea what this is
Samsung Kies Samsung Electronics Co., Ltd. 14.01.2011 160,5MB 2.0.0.11011_16 <--- unneeded
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 14.02.2012 31,8MB 1.3.1800.0 <--- unneeded
SimCity 4 Deluxe 03.01.2011 1.180MB <--- no idea what this is
Skype™ 4.1 Skype Technologies S.A. 02.01.2010 25,0MB 4.1.179
SmsDiscount Finarea S.A. Switzerland 17.11.2009 10,7MB 4.04 build 550 <--- these 3 needed
Steam Valve Corporation 12.11.2011 35,5MB 1.0.0.0
Synaptics Pointing Device Driver Synaptics 14.08.2008 13,7MB 10.1.8.0 <--- no idea what this is
TeamSpeak 3 Client TeamSpeak Systems GmbH 25.12.2010 29,4MB
TeamViewer 6 TeamViewer GmbH 10.05.2011 55,6MB 6.0.10511 <--- TeamViewer and TeamSpeak needed
TeamViewer 7 TeamViewer 30.12.2011 106,1MB 7.0.12313
Uniblue DriverScanner Uniblue Systems Ltd 05.11.2011 25,9MB 4.0.1.6 <--- no idea what this is
Uninstall 1.0.0.1 28.03.2011 17,7MB <--- no idea what this is
USB 2.0 1.3M UVC WebCam 14.08.2008 <--- no idea what this is
USB MP3 Player WIN98 Drivers 16.01.2010 4,00KB <--- no idea what this is
Warcraft III 25.12.2010 1.167MB
Warcraft III: All Products 25.12.2010 1.167MB needed
Warkeys 1.18.1.0b 25.12.2010 15,2MB 1.18.1.0b needed
Winamp Nullsoft, Inc 03.11.2011 61,8MB 5.622 needed
Winamp Erkennungs-Plug-in Nullsoft, Inc 03.11.2011 0,15MB 1.0.0.1 ????
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (06/20/2007 5.0.0004.2) ITE Tech.Inc. 14.08.2008 06/20/2007 5.0.0004.2
Windows Live Anmelde-Assistent Microsoft Corporation 17.11.2009 1,93MB 5.000.818.5 <--- Windows stuff? No idea whether I need it
Windows Live Essentials Microsoft Corporation 20.01.2011 116,8MB 14.0.8117.0416
Windows Live Sync Microsoft Corporation 20.01.2011 2,79MB 14.0.8117.416
Windows Live-Uploadtool Microsoft Corporation 18.11.2009 0,22MB 14.0.8014.1029
Windows Media Player Firefox Plugin Microsoft Corp 10.03.2010 0,29MB 1.0.0.8
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 08.09.2010 08/22/2008 7.0.0.0 <--- no idea what this is
WinFlash 14.08.2008 1,36MB <--- no idea what this is
WinRAR 26.12.2009 3,78MB
Wireless Console 2 ATK 14.08.2008 1,59MB 2.0.8 <--- no idea what this is
16.02.2012, 18:32 | #12 |
/// Malware-holic | Ukash-BKA Trojaner - Ransomware
Uninstall: Adobe Flash Player, all of them. Adobe - Adobe Flash Player installieren: download the latest version.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, because only then do you keep control over what is going on on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose "install automatically". Apply / OK.
Uninstall: Ask, Babylon, CDBurnerXP, ChkMail, Complitly, Conduit, CyberLink, Die Gilde: all, Freecorder: all, Garena, Java.
Java Download der kostenlosen Java-Software: download the Java JRE, install.
Uninstall: LightScribe, ManyCam.
Mozilla Firefox: open, Help, update.
Uninstall: Norton, P4P, PC Connectivity, PDF24, SimCity, Uniblue, Windows Live: all, if all unneeded.
Open OTL, Cleanup, restart.
Open CCleaner, Analyze, Run Cleaner.
Restart, test whether everything runs as desired.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
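The Adobe Reader JavaScript step above is done through the Preferences dialog; as an added example that is not part of the thread, the PowerShell below audits the same setting from the registry for every Reader version found under the current user and turns it off where it is still on. It assumes Reader stores the preference as the DWORD value bEnableJS under HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs (an absent value means the default, which is enabled).

```powershell
# Added example, not from the thread. Assumption: Adobe Reader keeps the
# "enable JavaScript" preference as DWORD bEnableJS (1 = on, 0 = off) under
# HKCU:\Software\Adobe\Acrobat Reader\<version>\JSPrefs; a missing value means
# the default, which is "enabled".
$ReaderBase = 'HKCU:\Software\Adobe\Acrobat Reader'

function Get-ReaderJavaScriptState {
    # One object per installed Reader version, reporting the effective state.
    if (-not (Test-Path $ReaderBase)) { return @() }
    Get-ChildItem -Path $ReaderBase | ForEach-Object {
        $version = $_.PSChildName
        $jsKey   = "$ReaderBase\$version\JSPrefs"
        $value   = $null
        if (Test-Path $jsKey) {
            $value = (Get-ItemProperty -Path $jsKey -Name bEnableJS `
                        -ErrorAction SilentlyContinue).bEnableJS
        }
        [pscustomobject]@{
            Version  = $version
            Enabled  = ($null -eq $value) -or ($value -ne 0)  # default = enabled
            Explicit = ($null -ne $value)                    # value actually set?
        }
    }
}

function Disable-ReaderJavaScript {
    # Same effect as unticking the JavaScript box in Edit > Preferences.
    param([Parameter(Mandatory)][string]$Version)
    $jsKey = "$ReaderBase\$Version\JSPrefs"
    if (-not (Test-Path $jsKey)) { New-Item -Path $jsKey -Force | Out-Null }
    Set-ItemProperty -Path $jsKey -Name bEnableJS -Value 0 -Type DWord
}

# Report first, then fix only what is still enabled.
foreach ($state in Get-ReaderJavaScriptState) {
    if ($state.Enabled) {
        Write-Host "Reader $($state.Version): JavaScript enabled (explicit: $($state.Explicit)) -> disabling"
        Disable-ReaderJavaScript -Version $state.Version
    } else {
        Write-Host "Reader $($state.Version): JavaScript already disabled"
    }
}
```

Close Adobe Reader before running this, since Reader rewrites its preference keys on exit and would otherwise overwrite the change.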