
Pests of all kinds and how to fight them: Telekom letter; suspected Trojan

08.06.2013, 14:35   #1
Treengo
 



Hello Trojaner-Board community,

A few days ago I received a letter from Telekom stating that my Internet connection had been used to hack other people's computers. That is why I wanted to check my PC for viruses and malware.

Now to my problem: unfortunately I don't know much about this area. Yesterday I already ran a full scan with Malwarebytes. On my PC it found one "Trojan.Spyeye" (C:\Recycle.bin (Trojan.Spyeye)) and two "PUP.FakeFlash.Domaiq" (C:\Users\Mui\Downloads\FlashPlayer_V.121027780c.exe and C:\Users\Mui\Downloads\FlashPlayer_V.121048706c.exe). On the laptop only one "PUP.Blabbers" (C:\Program Files\BrowserCompanion\BCHelper.exe) was found. I hope you can help me with this. Another problem is that I own a PC and a laptop, and I don't know which of them currently has spyware on it. I hope this isn't too much trouble for you.

Here are the log files:
Log file from the PC:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.07.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Mui :: MUI-PC [Administrator]

07.06.2013 13:34:58
mbam-log-2013-06-07 (13-34-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352503
Laufzeit: 51 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Users\Mui\Downloads\FlashPlayer_V.121027780c.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mui\Downloads\FlashPlayer_V.121048706c.exe (PUP.FakeFlash.Domaiq) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Log file from the laptop:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
FUJITSU :: FUJITSU-PC [Administrator]

7/6/2013 13:39:04
mbam-log-2013-06-07 (13-39-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355263
Laufzeit: 1 Stunde(n), 12 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Many thanks in advance!

Best regards

Treengo

08.06.2013, 15:45   #2
markusg
/// Malware-holic
 



Hi,

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

08.06.2013, 16:39   #3
Treengo
 



Many thanks for the reply!

Since the contents of the two files OTL.txt and Extras.txt are too large for a single post, I have to split them across two posts. I hope that is all right with you.

PC:

OTL.txt
Code:
OTL logfile created on: 08.06.2013 17:06:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mui\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 49,74% Memory free
6,72 Gb Paging File | 5,35 Gb Available in Paging File | 79,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,30 Gb Total Space | 306,13 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive D: | 20,44 Gb Total Space | 10,37 Gb Free Space | 50,70% Space Free | Partition Type: FAT32
 
Computer Name: MUI-PC | User Name: Mui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.08 17:03:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
PRC - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
PRC - [2013.05.12 10:28:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.12 10:27:43 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.12 10:27:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.12 10:27:35 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.08 02:56:38 | 006,727,544 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Programme\FilesFrog Update Checker\update_checker.exe
PRC - [2013.01.23 04:57:34 | 003,682,168 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.09.02 23:48:30 | 000,016,384 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.24 23:27:38 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.28 11:43:14 | 001,486,848 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.03.08 13:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:54 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008.01.21 04:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
MOD - [2013.05.23 11:09:01 | 002,521,040 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.13 02:37:30 | 000,449,968 | ---- | M] () -- D:\PPS.tv\PPStream\powerlua.dll
MOD - [2011.09.02 23:48:30 | 000,143,360 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\bwfiles.dll
MOD - [2011.09.02 23:48:30 | 000,049,152 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.09.02 23:48:30 | 000,020,480 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.09.02 23:48:30 | 000,016,384 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2011.07.17 21:32:29 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.08.28 05:31:08 | 047,628,288 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll
MOD - [2009.05.07 10:53:18 | 000,106,496 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
MOD - [2009.05.07 10:50:46 | 000,073,728 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll
MOD - [2008.02.14 07:57:00 | 000,094,208 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.12 10:28:13 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.12 10:27:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.05.12 10:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.12 10:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.12 10:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.12 10:28:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.02.23 10:48:36 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.17 13:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.05 08:18:22 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002.06.10 08:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamDrL21.sys -- (PhilCam8116)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 9F 7F 8F 65 EA CB 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=AA9CBCAEC5D759CF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_de
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mui\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mui\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.24 23:27:47 | 000,000,000 | ---D | M]
 
[2013.06.08 17:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=AA9CBCAEC5D759CF
CHR - Extension: No name found = C:\Users\Mui\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: No name found = C:\Users\Mui\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adblock IE) - {667BEE43-20BD-4CE3-94AC-E63E04D4B191} - C:\Programme\MGTEK\Adblock IE\adblockie.dll (MGTEK)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Programme\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Programme\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Ehycex] C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe (Sysinternals - www.sysinternals.com)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Mui\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [awde7zip22994]  File not found
O4 - Startup: C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mui\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C52ABCC1-6FB8-4295-AB3D-65F69F759300}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 17:03:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
[2013.06.08 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\Mui\Local Settings
[2013.06.08 17:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.08 17:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.06.08 17:02:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013.06.08 17:02:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013.06.08 17:02:14 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.08 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.08 17:02:04 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\BabSolution
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Delta
[2013.06.08 17:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013.06.08 17:01:41 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Babylon
[2013.06.08 17:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.06.08 17:01:39 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013.06.08 17:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker
[2013.06.07 13:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Malwarebytes
[2013.06.07 13:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.07 13:30:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.07 13:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.07 13:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.12 10:40:38 | 000,000,000 | ---D | C] -- C:\Users\Mui\AppData\Roaming\Avira
[2013.05.12 10:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.12 10:34:40 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.12 10:34:39 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.12 10:34:39 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.12 10:34:39 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.12 10:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.12 10:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.04 21:19:04 | 078,545,304 | ---- | C] (Apple Inc.) -- C:\Users\Mui\iTunesSetup.exe
[2011.10.10 20:13:36 | 029,363,192 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Mui\TeamSpeak3-Client-win32-3.0.1.exe
[2011.09.02 23:36:08 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Mui\FacebookVideoCallSetup_v1.2.203.0.exe
[2011.08.31 13:37:35 | 004,179,293 | ---- | C] (Lavalys, Inc.                                               ) -- C:\Users\Mui\everesthome220.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 17:03:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mui\Desktop\OTL.exe
[2013.06.08 17:01:39 | 000,000,966 | ---- | M] () -- C:\Users\Mui\Desktop\Check for Updates.lnk
[2013.06.08 16:33:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 16:06:22 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 16:06:22 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 15:20:29 | 000,617,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 15:20:29 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 15:20:29 | 000,125,824 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 15:20:29 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.08 14:46:01 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000UA.job
[2013.06.08 08:46:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000Core.job
[2013.06.08 08:06:25 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 08:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 08:06:17 | 3488,800,768 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.07 23:13:20 | 000,015,360 | ---- | M] () -- C:\Users\Mui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.07 22:50:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C2618CAF-3356-4046-B5FE-FBFA09391981}.job
[2013.06.07 13:30:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.06 19:37:29 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.12 10:35:00 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.12 10:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.12 10:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.12 10:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.12 10:28:32 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
 
========== Files Created - No Company Name ==========
 
[2013.06.08 17:01:39 | 000,000,966 | ---- | C] () -- C:\Users\Mui\Desktop\Check for Updates.lnk
[2013.06.07 13:30:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.12 10:35:00 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.08 16:45:52 | 000,035,013 | ---- | C] () -- C:\Users\Mui\booking_20120908-00223[1].pdf
[2011.11.02 20:46:40 | 001,531,359 | ---- | C] () -- C:\Users\Mui\wrar401d.exe
[2011.10.12 23:23:47 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.03 00:03:39 | 000,005,187 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.09.02 23:48:30 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.09.02 22:31:10 | 018,460,672 | ---- | C] () -- C:\Users\Mui\SkypeSetup_5.5.0.115.msi
[2011.08.05 21:18:59 | 000,001,670 | ---- | C] () -- C:\Users\Mui\League of Legends spielen .lnk
[2011.07.27 22:13:51 | 001,264,480 | ---- | C] () -- C:\Users\Mui\CHECK24_Anfahrtsbeschreibung_klein.pdf
[2011.07.17 22:17:55 | 001,152,079 | ---- | C] () -- C:\Users\Mui\Berwerbung Ka-Wai Lung bei Check 24.zip
[2011.07.17 21:27:04 | 168,166,968 | ---- | C] () -- C:\Users\Mui\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2011.06.23 11:55:56 | 000,015,360 | ---- | C] () -- C:\Users\Mui\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 16:09:55 | 000,000,774 | ---- | C] () -- C:\Users\Mui\Little Fighter 2.lnk
[2011.03.18 21:28:05 | 000,009,944 | ---- | C] () -- C:\Users\Mui\AppData\Local\d3d9caps.dat
[2011.01.19 13:34:42 | 003,003,392 | ---- | C] () -- C:\Users\Mui\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | C] () -- C:\Users\Mui\setup.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | C] () -- C:\Users\Mui\openofficeorg1.cab
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.09 17:44:25 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Audacity
[2013.05.18 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Avygz
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Azgiqy
[2013.06.08 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\BabSolution
[2013.06.08 17:01:41 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Babylon
[2013.06.08 17:01:59 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Delta
[2012.10.17 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\DVDVideoSoft
[2012.10.17 21:17:17 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.16 19:32:33 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Ebuto
[2013.04.28 08:58:01 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Gymyo
[2011.08.05 22:20:36 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\LolClient
[2013.04.28 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Maawq
[2011.04.12 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\NJStar
[2012.10.17 21:16:54 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\OpenCandy
[2011.07.17 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\OpenOffice.org
[2013.06.08 12:56:46 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\PPStream
[2011.03.25 12:45:59 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Tencent
[2011.10.12 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\TS3Client
[2012.10.17 21:18:18 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\TuneUp Software
[2013.04.24 08:49:48 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Uwtapo
[2013.05.03 08:09:30 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Viegr
[2013.05.20 18:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Xuqile
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Yhdyx
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.03.18 21:28:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.18 21:19:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.18 21:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.17 21:17:05 | 000,000,000 | ---D | M] -- C:\Free YouTube to MP3 Converter
[2011.03.18 21:41:56 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.09 22:54:04 | 000,000,000 | ---D | M] -- C:\PPSDownload
[2013.06.08 12:56:49 | 000,000,000 | ---D | M] -- C:\ppsvodcache
[2013.06.08 17:02:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.08 17:02:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.18 21:26:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.05 21:15:01 | 000,000,000 | ---D | M] -- C:\Riot Games
[2013.06.08 17:08:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.12 23:43:03 | 000,000,000 | ---D | M] -- C:\temp
[2011.08.31 23:02:12 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.13 00:09:44 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.01.21 04:24:48 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,510 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.24 23:28:01 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.24 23:28:04 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.08.06 21:09:29 | 000,000,418 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C2618CAF-3356-4046-B5FE-FBFA09391981}.job
[2011.09.02 23:36:16 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000Core.job
[2011.09.02 23:36:17 | 000,001,130 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1981867468-2835684101-309093867-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2011.07.17 22:18:03 | 001,152,079 | ---- | M] () -- C:\Users\Mui\Berwerbung Ka-Wai Lung bei Check 24.zip
[2012.09.08 16:45:52 | 000,035,013 | ---- | M] () -- C:\Users\Mui\booking_20120908-00223[1].pdf
[2011.07.27 22:14:03 | 001,264,480 | ---- | M] () -- C:\Users\Mui\CHECK24_Anfahrtsbeschreibung_klein.pdf
[2011.08.31 13:37:49 | 004,179,293 | ---- | M] (Lavalys, Inc.                                               ) -- C:\Users\Mui\everesthome220.exe
[2011.09.02 23:36:12 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Mui\FacebookVideoCallSetup_v1.2.203.0.exe
[2012.10.04 21:19:05 | 078,545,304 | ---- | M] (Apple Inc.) -- C:\Users\Mui\iTunesSetup.exe
[2011.08.05 21:18:59 | 000,001,670 | ---- | M] () -- C:\Users\Mui\League of Legends spielen .lnk
[2011.04.20 16:09:55 | 000,000,774 | ---- | M] () -- C:\Users\Mui\Little Fighter 2.lnk
[2013.06.08 17:13:45 | 003,407,872 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT
[2013.06.08 17:13:44 | 000,262,144 | -H-- | M] () -- C:\Users\Mui\ntuser.dat.LOG1
[2011.03.18 21:28:05 | 000,000,000 | -H-- | M] () -- C:\Users\Mui\ntuser.dat.LOG2
[2013.06.07 23:27:11 | 000,065,536 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2013.06.07 23:27:11 | 000,524,288 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.12.04 09:59:21 | 000,524,288 | -HS- | M] () -- C:\Users\Mui\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.03.18 21:28:05 | 000,000,020 | -HS- | M] () -- C:\Users\Mui\ntuser.ini
[2011.07.17 21:27:05 | 168,166,968 | ---- | M] () -- C:\Users\Mui\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2011.01.19 13:30:10 | 142,700,671 | ---- | M] () -- C:\Users\Mui\openofficeorg1.cab
[2011.01.19 13:34:42 | 003,003,392 | ---- | M] () -- C:\Users\Mui\openofficeorg33.msi
[2011.01.19 13:33:04 | 000,475,016 | ---- | M] () -- C:\Users\Mui\setup.exe
[2011.09.02 22:31:10 | 018,460,672 | ---- | M] () -- C:\Users\Mui\SkypeSetup_5.5.0.115.msi
[2011.10.10 20:13:36 | 029,363,192 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Mui\TeamSpeak3-Client-win32-3.0.1.exe
[2011.11.02 20:46:45 | 001,531,359 | ---- | M] () -- C:\Users\Mui\wrar401d.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 08.06.2013 17:06:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mui\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 49,74% Memory free
6,72 Gb Paging File | 5,35 Gb Available in Paging File | 79,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,30 Gb Total Space | 306,13 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive D: | 20,44 Gb Total Space | 10,37 Gb Free Space | 50,70% Space Free | Partition Type: FAT32
 
Computer Name: MUI-PC | User Name: Mui | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E72166-D3DD-4513-A37D-6F76A811C9C2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{03BBE0F9-E66A-42D6-9BAB-637A60E2EB1C}" = dir=in | app=d:\pps.tv\ppsgame\updater.exe | 
"{085E7FF6-89D1-4148-8574-63EC74C2B1B0}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\auclt.exe | 
"{1E54B754-DC8E-4393-9C02-117BAEC59E94}" = dir=in | app=c:\users\mui\appdata\roaming\ppstream\ppsupdate.exe | 
"{2D9E9D4D-C326-4968-8EB0-348647C2B169}" = dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{3428B75E-579B-4FA7-9FBC-DD48A48985F8}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{3A65146A-F86F-4EDD-A955-8F16C76A3D4B}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{3E83FD96-A2DC-4FF6-83C2-5D60E25A2C39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{47932D75-D3DB-4595-A25E-73954B5E0EFD}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{4897A6DA-A97D-4D28-9B42-2D91B770E409}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{59A40C6B-A3F0-464D-BD6F-43D69BBAD641}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{60CF5D25-3C5C-4B8B-B503-9FE5945D3E70}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{6D9CB6FF-8CFB-4F98-B44F-ECBD9464BF48}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{724F93FA-FBBF-4750-89EB-C9184ED38BC0}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{8776E7B3-50D3-475E-B9E7-D57D2590C9E8}" = dir=in | app=d:\pps.tv\ppsgame\ppswebclientgame.exe | 
"{A293D0D4-06F2-491F-8ED6-2684D4783E0F}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | 
"{AAC4CE4A-7701-443C-92E7-F746DECCAE4E}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"{AAD55EF2-C634-450D-B0CD-F54303307694}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\auclt.exe | 
"{B4F3BA99-2AAA-4214-8100-85641CAD25B0}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{C2B2328E-5748-47EA-9DC4-E5536428FE1F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\qq.exe | 
"{CEADC890-45F8-4E1B-91A4-FF57121FEA6E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CF8096B9-0816-48D6-A62C-A03D46F6CD58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DC07682A-BD21-4A91-9610-F69CE76830B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAA54763-317F-4FB3-9276-580333D272DA}" = protocol=6 | dir=in | app=c:\program files\tencent\qqintl\bin\txupd.exe | 
"{F0675CA8-7322-4994-8808-96231C890BB9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F3798E6B-D622-4F4B-A851-BB7C3B758B17}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F3ADB6D0-9E99-4EDA-9C85-959C7D2D5F11}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{F3BD7D67-4C24-4ECE-A8A4-6B8070A1A23C}" = dir=in | app=c:\users\mui\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{F84CF247-42E4-4955-84D2-895CF520BA3B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F9F257B8-75E4-4BE7-8570-09D8C5659833}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{FB4A7971-430C-43C6-8B09-9878836EDA3F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqintl\bin\txupd.exe | 
"{FBED8A37-002F-4559-B94B-7BB88239E0DD}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{FC319A6F-A2FA-4BD5-A2B3-6A2F5665DE29}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"TCP Query User{0086F261-DD58-4083-A9DE-91FCCE712D8B}C:\users\mui\datensicherung\documents\lf2.exe" = protocol=6 | dir=in | app=c:\users\mui\datensicherung\documents\lf2.exe | 
"TCP Query User{08887054-8139-4D06-A7D3-93B3CDD8EC07}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{102E83D2-4F8B-48F5-9456-0E835DCC9C42}C:\users\mui\downloads\r-lf2\r-lf2\lf2.exe" = protocol=6 | dir=in | app=c:\users\mui\downloads\r-lf2\r-lf2\lf2.exe | 
"TCP Query User{32B88FF6-38AF-432A-942F-D4D5FF35D017}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{45602BDF-2727-47DD-AD0F-F275DBC9472E}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{576B86F5-B270-4814-B85F-AF6A8B9CFD6E}D:\pps.tv\ppstream\ppsap.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"TCP Query User{5E02096F-55A2-42F9-BA32-940FAB96C40D}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{64447110-BFB5-447B-817F-6F0353DF99A1}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{6B238FC1-ECB5-4C87-979C-E5AA2D36E045}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"TCP Query User{6C9D6D7C-7B9C-4864-9813-A1DE78E87DC8}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{73AE9F2C-2050-432E-AF16-E6D5FCF4D2D5}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{8541BB5F-A7AF-450E-ACC0-B14D186B9CA6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A8A51FBD-E125-4430-8472-0606E5105166}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"TCP Query User{B7751303-A987-47DA-8E33-B887B56C01A9}D:\pps.tv\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"TCP Query User{CB3B9B4B-8FB1-41B1-975F-A4B931CA5F11}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EB85E72F-8F0C-4060-A56D-1E999730DDB4}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{F3EF48A5-05F3-4CA0-855E-AF90A5FF970A}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{0542C2D8-C775-40E6-8649-2D62FE423773}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{06FE0103-F800-410F-8B4A-32FE2BD2FD15}C:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{15E467AF-9587-430D-9EF7-0D5D4FB1A9C4}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{227004B6-6FFC-4972-836D-ED7C10071AD6}C:\users\mui\downloads\r-lf2\r-lf2\lf2.exe" = protocol=17 | dir=in | app=c:\users\mui\downloads\r-lf2\r-lf2\lf2.exe | 
"UDP Query User{2A6A8ACD-93AC-4F6B-83E2-A2E197C87210}C:\users\mui\datensicherung\documents\lf2.exe" = protocol=17 | dir=in | app=c:\users\mui\datensicherung\documents\lf2.exe | 
"UDP Query User{3602C5CB-3372-4711-8777-DC2DA01D585F}C:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{413643D5-AE33-4661-881F-7E407FD32CB5}C:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{617057E2-63FF-496A-ADC4-47C82945E2CD}C:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{672A2DEA-E220-411E-8AC6-320C0CCA6A86}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{98CDF29F-18C2-4EE6-BCCE-C3B4249309EB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A715CD06-D14F-4946-8CB2-CD8C5F2AE42C}C:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{A9490DBB-47BE-4233-93F4-808EE7F0EFBF}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"UDP Query User{D2C652B1-3432-4A5F-940C-55579630E02C}C:\program files\tencent\qq_en\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq_en\bin\qq.exe | 
"UDP Query User{DD2B4545-FA72-4945-8D8F-068728EB7EB1}D:\pps.tv\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"UDP Query User{E6C32ED9-8A0A-41F2-B6A0-811456236BD8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{FB374624-716E-466A-AF2C-E78236B53DB5}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA54984-A14B-42FE-9FF1-7EA90151D725}" = Tencent QQ
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{56D01524-CD68-4576-B1AE-D572E8EAFF3D}" = Adblock IE 2.2
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FilesFrog Update Checker" = FilesFrog Update Checker
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NJStar Communicator" = NJStar Communicator
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PPSGame" = PPSGame V1.0.2.6
"PPStream" = PPStream V2.7.0.1516 Final
"RealPlayer 12.0" = RealPlayer
"Searchqu Toolbar" = Searchqu Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 0.9.6
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2012 10:23:20 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 12:30:05 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.03.2012 15:13:00 | Computer Name = Mui-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19088 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. überprüfen Sie den Problemverlauf im Applet
 "L?sungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1648  Anfangszeit: 01cd0c3c952d6aa5  Zeitpunkt
 der Beendigung: 17
 
Error - 27.03.2012 18:04:07 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 02:27:48 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 11:01:38 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2012 18:02:09 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 02:25:29 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 10:31:08 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.03.2012 12:40:35 | Computer Name = Mui-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.06.2013 08:43:46 | Computer Name = Mui-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 07.06.2013 09:17:25 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2013 09:20:19 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.06.2013 09:20:19 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.06.2013 16:46:41 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2013 16:49:53 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 07.06.2013 16:49:53 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.06.2013 02:06:23 | Computer Name = Mui-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.06.2013 02:09:07 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 08.06.2013 02:09:07 | Computer Name = Mui-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
The files for the laptop will follow shortly.

Alt 08.06.2013, 16:42   #4
Treengo
 

Here are the OTL.txt and Extras.txt files for the laptop:

OTL.txt
Code:
OTL logfile created on: 8/6/2013 17:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\FUJITSU\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.95 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.97% Memory free
6.13 Gb Paging File | 4.98 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 62.37 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 144.61 Gb Total Space | 144.15 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-PC | User Name: FUJITSU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/08 17:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
PRC - [2013/05/29 05:13:51 | 003,918,200 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPSKernel.exe
PRC - [2013/05/28 12:20:33 | 005,496,696 | ---- | M] (PPStream Inc.) -- D:\PPS.tv\PPStream\PPStream.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/06 14:06:08 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/03/27 20:49:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/27 20:48:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/03/27 20:48:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2009/12/17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 06:00:09 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/08/19 05:37:08 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/07/23 03:51:00 | 000,290,816 | ---- | M] (Vimicro) -- C:\Windows\VM331_STI.EXE
PRC - [2008/07/07 01:06:46 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2008/07/07 01:00:50 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/07/07 01:00:44 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/07/07 00:57:20 | 001,165,152 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2008/06/30 03:36:44 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2008/06/03 08:43:18 | 000,131,072 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
PRC - [2008/05/24 01:07:00 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2008/05/23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/05/14 03:45:04 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008/04/24 22:10:52 | 000,268,840 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2008/04/15 08:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/04/01 04:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/02/22 19:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/02/06 00:17:24 | 000,047,656 | ---- | M] (.) -- C:\Program Files\Fujitsu\BtnHnd\BtnHndHkb.exe
PRC - [2008/02/01 08:35:20 | 000,062,760 | R--- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe
PRC - [2008/02/01 03:37:40 | 000,088,616 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2008/01/21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/29 01:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/08/03 00:20:00 | 000,011,264 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
PRC - [2007/08/03 00:18:00 | 000,167,936 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\updnavi\updatenv.exe
PRC - [2007/02/06 19:00:12 | 000,068,400 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2006/11/07 23:45:38 | 000,097,072 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/01/09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2012/01/08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/07/07 00:19:08 | 000,050,456 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Common\gc.dll
MOD - [2005/07/23 06:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/17 13:02:15 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/16 12:36:02 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 20:49:01 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/27 20:48:35 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2009/12/17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2008/08/19 06:00:09 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/07/07 01:00:44 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/05/23 07:54:42 | 000,120,168 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2008/02/22 19:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/02/01 08:35:20 | 000,062,760 | R--- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/08/03 00:20:00 | 000,011,264 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\updnavi\updnvsrv.exe -- (UpdateNaviInstallService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/03/27 20:49:11 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/27 20:49:11 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/27 20:49:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 16:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/08/21 01:25:40 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2009/08/21 01:25:40 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2009/08/21 01:25:40 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/11 14:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 14:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 14:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/19 06:00:09 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/25 07:19:00 | 000,975,616 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/07/01 04:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/23 12:07:16 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2008/05/14 01:16:06 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2008/04/24 02:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008/04/18 15:43:40 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/25 22:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2008/03/19 20:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/11/29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007/03/19 09:15:00 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2006/11/02 09:30:52 | 000,030,720 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/11/01 13:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006/11/01 13:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2005/01/07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hk.fujitsu.com/pc
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hk.fujitsu.com/pc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.plusnetwork.com/?sp=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://plusnetwork.com/?sp=brw&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.5:3128
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Plus! Network"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.plusnetwork.com/?sp=addr&q="
FF - prefs.js..network.proxy.http: "195.64.196.242"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013/01/19 22:58:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/17 13:02:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/17 13:02:04 | 000,000,000 | ---D | M]
 
[2010/01/02 12:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Extensions
[2013/05/08 22:34:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions
[2011/12/18 19:12:28 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com
[2013/04/06 11:29:29 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\Firefox\Profiles\yywmxr00.default\extensions\ich@maltegoetz.de
[2012/12/11 23:47:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/05/08 22:34:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/21 21:59:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012/05/31 12:05:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ed0c923c82a39debf5c71d22f5ef3dc7_expire
[2013/06/05 21:21:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ee2135fec207a636822e2513020c079a_expire
[2011/11/09 13:34:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef28fe6e4f8adf440e17d86f964a51f0_expire
[2011/12/22 23:23:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef7b33f6a532640a1c82c7aefb7373f0_expire
[2013/04/07 13:46:30 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2013/04/07 20:15:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f1586b879e32b889596b836c8855994f_expire
[2012/05/27 22:18:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f7c63b13407f14f24c0e3a83e0b48e5c_expire
[2012/05/23 14:08:28 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f7d063f20a5874a655b5c650c8f266ec_expire
[2013/06/02 00:20:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012/09/02 15:16:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fb2a2d37c3a5abdb2d5c51d90fdaebc4_expire
[2013/04/07 20:15:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fd884a02221ff58a33d44bd2b23a7ab9_expire
[2013/06/02 00:20:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2013/06/05 18:31:13 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-1.xml
[2010/10/21 14:08:37 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-10.xml
[2010/10/29 12:30:55 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-11.xml
[2010/12/12 13:15:21 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-12.xml
[2011/03/02 12:58:49 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-13.xml
[2011/03/05 11:53:00 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-14.xml
[2011/03/24 15:18:15 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-15.xml
[2011/04/25 15:20:45 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-16.xml
[2010/03/23 20:35:41 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-2.xml
[2010/04/02 15:52:27 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-3.xml
[2010/06/23 21:41:23 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-4.xml
[2010/06/28 15:58:27 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-5.xml
[2010/07/22 12:46:35 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-6.xml
[2010/07/25 12:24:44 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-7.xml
[2010/09/08 12:49:00 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-8.xml
[2010/09/18 10:19:52 | 000,000,950 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin-9.xml
[2010/03/11 17:51:20 | 000,000,958 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\icqplugin.xml
[2012/01/06 13:30:27 | 000,002,314 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\Messenger Plus Smartbar Search.xml
[2012/01/27 21:43:25 | 000,002,770 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\mozilla\firefox\profiles\yywmxr00.default\searchplugins\Plusnetwork.xml
[2013/05/17 13:02:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2013/05/17 13:02:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/30 17:11:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - default_search_provider: Messenger Plus Smartbar Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.plusnetwork.com/?sp=hp/
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [331BigDog] C:\Windows\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSKernel.exe (PPStream Inc.)
O4 - Startup: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{686D1F74-0519-4F9A-A403-2FFF9464FAE8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3904ee46-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee46-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3904ee74-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee74-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3904ee75-1435-11e1-8ba7-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{3904ee75-1435-11e1-8ba7-002326650d1f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7d35514c-df2a-11de-8a0f-002326650d1f}\Shell - "" = AutoRun
O33 - MountPoints2\{7d35514c-df2a-11de-8a0f-002326650d1f}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/08 17:01:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
[2013/06/07 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\FUJITSU\AppData\Roaming\Malwarebytes
[2013/06/07 13:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/07 13:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/07 13:38:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/07 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/17 13:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/17 12:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/17 12:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/17 12:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/17 12:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[1 C:\Users\FUJITSU\AppData\Local\*.tmp files -> C:\Users\FUJITSU\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/08 17:03:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 17:03:34 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 17:01:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FUJITSU\Desktop\OTL.exe
[2013/06/08 16:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 15:25:30 | 000,632,380 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/08 15:25:30 | 000,119,006 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/08 15:03:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 15:03:26 | 3172,868,096 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/07 13:38:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/06/04 19:25:29 | 000,000,649 | ---- | M] () -- C:\Users\FUJITSU\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2013/06/04 19:25:29 | 000,000,633 | ---- | M] () -- C:\Users\Public\Desktop\PPStream.lnk
[2013/06/04 19:25:29 | 000,000,633 | ---- | M] () -- C:\Users\FUJITSU\Application Data\Microsoft\Internet Explorer\Quick Launch\PPStream.lnk
[2013/05/29 16:29:13 | 000,016,896 | ---- | M] () -- C:\Users\FUJITSU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/25 13:29:04 | 000,028,045 | ---- | M] () -- C:\Users\FUJITSU\Documents\Essay Lung.odt
[2013/05/17 12:08:27 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/16 18:46:02 | 000,391,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\FUJITSU\AppData\Local\*.tmp files -> C:\Users\FUJITSU\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/07 13:38:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/05/19 17:51:31 | 000,028,045 | ---- | C] () -- C:\Users\FUJITSU\Documents\Essay Lung.odt
[2013/05/17 12:08:27 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/26 21:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/09/26 21:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/09/26 21:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/09/26 21:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/30 12:08:04 | 000,000,204 | ---- | C] () -- C:\ProgramData\a6a8008388080ff88b184073dfc9b946c0134559
[2010/01/14 17:17:46 | 000,000,863 | ---- | C] () -- C:\Users\FUJITSU\.recently-used.xbel
[2009/08/19 08:42:04 | 000,016,896 | ---- | C] () -- C:\Users\FUJITSU\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/18 06:05:29 | 000,000,680 | ---- | C] () -- C:\Users\FUJITSU\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/04/17 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Aegisub
[2013/01/19 22:58:49 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoft
[2012/10/09 17:34:02 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/08/16 13:44:19 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\FileZilla
[2010/06/06 15:55:11 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\FreeFLVConverter
[2010/06/06 16:25:22 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\GetRightToGo
[2010/01/14 17:17:46 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\gtk-2.0
[2010/12/19 23:22:43 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\ICQ
[2013/02/08 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LeeGT-Games
[2009/12/02 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LG Electronics
[2011/08/20 19:12:13 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\LolClient
[2013/04/28 16:25:04 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\MOVAVI
[2010/06/06 16:06:13 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Moyea
[2010/09/13 14:55:24 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\NJStar
[2010/02/28 15:56:12 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\OpenOffice.org
[2013/06/08 17:04:46 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\PPStream
[2009/12/18 23:07:22 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\TeamViewer
[2013/02/11 00:46:08 | 000,000,000 | ---D | M] -- C:\Users\FUJITSU\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009/08/18 06:03:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/11/28 12:26:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2006/11/02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008/09/12 03:32:37 | 000,000,000 | ---D | M] -- C:\Drivers
[2008/09/12 04:39:58 | 000,000,000 | ---D | M] -- C:\Model
[2008/01/21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/06/07 13:38:07 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/07 13:38:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/12/02 20:02:44 | 000,000,000 | ---D | M] -- C:\Sounds
[2013/06/08 17:11:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/09/14 20:44:27 | 000,000,000 | ---D | M] -- C:\Temp
[2009/08/18 05:57:59 | 000,000,000 | R--D | M] -- C:\Users
[2013/06/08 12:13:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2006/11/02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006/11/02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006/11/02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006/11/02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009/04/11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006/11/02 14:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 14:58:10 | 000,032,570 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/03 11:49:54 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\SATA\IaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008/08/19 05:35:47 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008/01/21 04:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008/01/21 04:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008/01/21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008/01/21 04:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/01/21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010/01/14 17:17:46 | 000,000,863 | ---- | M] () -- C:\Users\FUJITSU\.recently-used.xbel
[2013/06/08 17:08:24 | 004,718,592 | -HS- | M] () -- C:\Users\FUJITSU\ntuser.dat
[2013/06/08 17:08:24 | 000,262,144 | -H-- | M] () -- C:\Users\FUJITSU\ntuser.dat.LOG1
[2009/08/18 05:57:59 | 000,000,000 | -H-- | M] () -- C:\Users\FUJITSU\ntuser.dat.LOG2
[2013/06/08 12:12:22 | 000,065,536 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2013/06/08 12:12:22 | 000,524,288 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2013/06/03 23:30:08 | 000,524,288 | -HS- | M] () -- C:\Users\FUJITSU\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2009/08/18 05:58:00 | 000,000,020 | -HS- | M] () -- C:\Users\FUJITSU\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Files - Unicode (All) ==========
[2010/05/31 12:00:40 | 000,001,868 | ---- | M] ()(C:\Users\Public\Desktop\Acronis?True?Image 10.0.lnk) -- C:\Users\Public\Desktop\Acronis*True*Image 10.0.lnk
[2009/08/21 01:25:39 | 000,001,868 | ---- | C] ()(C:\Users\Public\Desktop\Acronis?True?Image 10.0.lnk) -- C:\Users\Public\Desktop\Acronis*True*Image 10.0.lnk

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 8/6/2013 17:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\FUJITSU\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C04 | Country: Hong Kong S.A.R. | Language: ZHH | Date Format: d/M/yyyy
 
2.95 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 53.97% Memory free
6.13 Gb Paging File | 4.98 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.61 Gb Total Space | 62.37 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
Drive D: | 144.61 Gb Total Space | 144.15 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU-PC | User Name: FUJITSU | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053D97C5-20AB-4DED-97A8-3A56880F9BD1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1D0AE348-D159-4EB2-98F8-935F15894D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{236C824B-4381-43FC-9ADE-EEB49D832E70}" = rport=137 | protocol=17 | dir=out | app=system | 
"{26701E76-834D-4644-8E3C-7403AF233AB6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{34D40155-9151-4C00-9CD0-4A3FDFD65C1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4E2F6EB3-416B-43D8-BCF6-9B0D0CE277D2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{54425BA3-7777-420B-9D0F-E1B744B06A67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6D5020C0-7E2C-4C77-A865-5B4670599F6F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{81F65CEF-CC28-4705-AA6C-EA6A4298C364}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8CCB002F-909D-4CB3-B06B-8F7C005E8EBD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{92B44FC0-B1D2-4BA4-A620-3286AB7B35CC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{95B96235-2506-48D8-832C-21744D3147B3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B87604E6-11D8-4CE6-9871-C64BF3D00356}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CDA01FCA-F1E0-4EBC-A69F-CCA520DE3F00}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0218B80C-3C43-4E39-B557-C3D303CE7BE3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{06C4DC83-DF06-42B8-A03D-F8F31BAFAFF1}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{0B916ED9-F308-49E1-8ECD-48BE917F19CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0F3B2D11-AE45-4134-978C-9C9C1C547738}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{142A1289-2AB0-485F-B3FC-021B36EA1E5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D4B666B-87E5-41BE-8E43-061DC10EDFE9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2519B653-20D9-49E9-BE9E-5537403AA88B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{302B48CB-1567-45A0-91BF-57066380521E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{3B46DC47-9059-467C-B8F2-FAD6A20E023E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{448EBA91-AE52-4AB5-94C7-ACF93BCA7452}" = dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"{46C4D847-E5F4-42CA-BD23-3404C2863914}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{4E823FC3-AB44-471B-A582-3078C874ABCF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{540CD45C-94D4-4811-A79F-612E2A421C6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{58C00E80-5810-4F4C-AF94-665DF312B6E8}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{5D51562D-B313-4994-AE85-8E2A947731BC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7754A5F4-3522-4AF7-8305-813407EFB2EE}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{86D9D94C-FA14-4205-83CF-832CFD215E4C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{87FCFE2D-5AB2-494F-9F80-11C43A0790E0}" = dir=in | app=c:\users\fujitsu\appdata\roaming\ppstream\ppsupdate.exe | 
"{923F94D4-6214-448F-B2EA-745BE83D1163}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1AE0129-3247-41EF-915F-7696009B4238}" = dir=in | app=c:\users\fujitsu\appdata\roaming\ppstream\ppsupdate.exe | 
"{A21C68E8-F3F0-4023-B1CF-779C4E872764}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A76213D1-585D-4C33-A709-80EBD50F8149}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{AF7727A1-8BC5-4497-B062-A0E08A20E514}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CBD41076-18A4-4B93-9C54-19253ECFAB83}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D7AD0269-E0A0-4992-9E38-CC2BEC5D71F6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D8A1E1E2-CD55-4BDC-A47F-EC832846B016}" = dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{DD77B95E-8AD1-427D-8C0D-7A6ACB424CE4}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{E5CB18FC-0F9C-4CB3-A793-CC0651FBC78C}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{E6EEB1FC-BCFF-4524-AB7D-B50BF9E9C2CC}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{FC3321F7-CA1E-4BB8-82F6-FDF1A1482990}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{00CDC05F-7F9E-4CEC-B8A3-677139E6C634}D:\pps.tv\ppstream\ppstream.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"TCP Query User{09B83806-E60A-4153-B29D-B404DE8D78F8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{24F52197-EA18-4BB7-8AE7-6289C54F0141}C:\program files\njstar communicator\minismtp.exe" = protocol=6 | dir=in | app=c:\program files\njstar communicator\minismtp.exe | 
"TCP Query User{C9DC28F6-19EB-439A-BE60-6B70439FAE76}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CBE83BD6-18E9-46E8-9D93-B60975D2EA9A}D:\pps.tv\ppstream\ppskernel.exe" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"TCP Query User{CF1E5B9B-B069-4A91-BDB7-6645E9F42273}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=6 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"TCP Query User{DA171835-00AB-4254-8F13-464ACDBA571B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{15BB43DD-6647-47F6-B98C-04DE00AC23E5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4322DEEA-C1DE-42DF-842B-E0C6E63DBE38}C:\program files\littlefighter2\lf2_v2.0a\lf2.exe" = protocol=17 | dir=in | app=c:\program files\littlefighter2\lf2_v2.0a\lf2.exe | 
"UDP Query User{6D446112-B1B2-4D7A-84B2-5F9594D68FC0}D:\pps.tv\ppstream\ppstream.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"UDP Query User{70B216F5-2BBE-43BB-811D-2B8F9EFA4BD6}D:\pps.tv\ppstream\ppskernel.exe" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppskernel.exe | 
"UDP Query User{A8AB2B0B-EE9C-4DE2-862A-E19BEA6ADFE9}C:\program files\njstar communicator\minismtp.exe" = protocol=17 | dir=in | app=c:\program files\njstar communicator\minismtp.exe | 
"UDP Query User{E8626919-DE98-4BC2-9DDD-99A8218D85B5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{F7AACD66-0895-47A1-A483-D283A8C2CAB1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Update Navi
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis*True*Image
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple 應用程式支援
"{5D2C8A12-C5DD-4AE4-9EA7-DA2BE97CF97D}" = Fujitsu Display Manager
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFCE4BA-2F84-4ED4-8C7E-80B7DC868E81}" = ArcSoft WebCam Companion 2
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Creator LJ
"{A7FA30B4-5E93-4222-97B0-089C46C8D3FD}" = Power Saving Utility
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = USB2.0 Digital Camera
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D81641E8-ABF1-3D07-803B-60E8FC619368}" = Microsoft Visual C# 2010 Express - DEU
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{191C41F6-4BA8-4D3D-BBC5-AAC8F3077E3F}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{5D2C8A12-C5DD-4AE4-9EA7-DA2BE97CF97D}" = Fujitsu Display Manager
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{A7FA30B4-5E93-4222-97B0-089C46C8D3FD}" = Power Saving Utility
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Messenger Plus!" = Messenger Plus!
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C# 2010 Express - DEU" = Microsoft Visual C# 2010 Express - DEU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NJStar Communicator" = NJStar Communicator
"NosTale(DE)_is1" = Nostale(DE)
"NosTale(UK)_is1" = Nostale(UK)
"PC-Doctor for Windows" = Fujitsu Hardware Diagnostics Tool
"PPSGame" = PPS蚔牁 V1.0.1.238
"PPStream" = PPStream V3.1.0.1044 Final
"RarZilla Free Unrar" = RarZilla Free Unrar
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/6/2013 8:55:33 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 7/6/2013 13:02:59 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/6/2013 17:52:31 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 7/6/2013 17:52:31 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 5:01:14 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 8/6/2013 5:05:26 | Computer Name = FUJITSU-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 8/6/2013 6:12:18 | Computer Name = FUJITSU-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel
 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,  Prozess-ID 0x1614, Anwendungsstartzeit
 01ce64276066256a.
 
Error - 8/6/2013 6:13:30 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 6:13:30 | Computer Name = FUJITSU-PC | Source = MsgPlusService | ID = 0
Description = 
 
Error - 8/6/2013 9:05:12 | Computer Name = FUJITSU-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 7/6/2013 8:34:02 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:39:12 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:44:22 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:49:32 | Computer Name = FUJITSU-PC | Source = netbt | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 192.168.2.106
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/6/2013 8:54:54 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/6/2013 13:02:59 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/6/2013 17:52:28 | Computer Name = FUJITSU-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 8/6/2013 5:01:15 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 8/6/2013 6:13:29 | Computer Name = FUJITSU-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 8/6/2013 9:05:12 | Computer Name = FUJITSU-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
Thanks again for the reply!

Best regards

Treengo

08.06.2013, 16:56   #5
markusg
/// Malware-holic

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O4 - HKCU..\Run: [Ehycex] C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe (Sysinternals - www.sysinternals.com)
[2013.05.18 10:03:21 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Avygz
[2013.04.29 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Mui\AppData\Roaming\Azgiqy
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!


Press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

08.06.2013, 17:24   #6
Treengo

Thanks for the reply

Here is the content of the file in question:

PC:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex deleted successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe moved successfully.
C:\Users\Mui\AppData\Roaming\Avygz folder moved successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy folder moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mui
->Temp folder emptied: 495838556 bytes
->Temporary Internet Files folder emptied: 5158558211 bytes
->Java cache emptied: 343546 bytes
->Google Chrome cache emptied: 284339185 bytes
->Flash cache emptied: 5 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312622125 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5.962,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_180552

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Laptop:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex not found.
File C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe not found.
Folder C:\Users\Mui\AppData\Roaming\Avygz\ not found.
Folder C:\Users\Mui\AppData\Roaming\Azgiqy\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: FUJITSU
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 5579081 bytes
->Java cache emptied: 19995565 bytes
->FireFox cache emptied: 387156658 bytes
->Flash cache emptied: 3215 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4600145 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 398.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_180320

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
I hope I did it correctly. The files were uploaded successfully.
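
The two fix logs above differ only in their "OTL" section: on the PC every targeted item existed and was removed, on the laptop every item was reported as not found. The following Python sketch is an added example, not part of the original posts and not OTL's own code; it parses that section and compares the hosts. The function names are hypothetical and the sample text is excerpted from the logs posted above.

```python
import re

# Sample input: the "OTL" sections of the two fix logs posted in this thread.
PC_LOG = r"""========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex deleted successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe moved successfully.
C:\Users\Mui\AppData\Roaming\Avygz folder moved successfully.
C:\Users\Mui\AppData\Roaming\Azgiqy folder moved successfully.
========== FILES ==========
"""
LAPTOP_LOG = r"""========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ehycex not found.
File C:\Users\Mui\AppData\Roaming\Azgiqy\ulofa.exe not found.
Folder C:\Users\Mui\AppData\Roaming\Avygz\ not found.
Folder C:\Users\Mui\AppData\Roaming\Azgiqy\ not found.
========== FILES ==========
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
RESULT = re.compile(
    r"^(?:Registry value |File |Folder )?(?P<target>.+?)"
    r"(?: folder)? (?P<outcome>deleted successfully|moved successfully|not found)\.$"
)

def parse_fix_results(log_text):
    """Return [(target, outcome)] for the result lines of the '== OTL ==' section."""
    results, in_otl = [], False
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            in_otl = header.group(1) == "OTL"
            continue
        m = RESULT.match(line) if in_otl else None
        if m:
            # Strip the trailing backslash so folder paths compare equal across hosts.
            results.append((m.group("target").rstrip("\\"), m.group("outcome")))
    return results

def host_verdict(log_text):
    """Classify a host by whether any targeted artifact actually existed on it."""
    outcomes = [outcome for _, outcome in parse_fix_results(log_text)]
    if not outcomes:
        return "no-results"
    if all(outcome == "not found" for outcome in outcomes):
        return "artifacts-absent"
    return "artifacts-present"
```

`host_verdict(PC_LOG)` yields `artifacts-present` and `host_verdict(LAPTOP_LOG)` yields `artifacts-absent`. The latter only means these specific artifacts were not on the laptop; it is not a clean bill of health for that machine.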

08.06.2013, 17:27   #7
markusg
/// Malware-holic

Thanks.
Do you use the PC for online banking, for shopping, for other payment transactions, or for similarly important things such as work?

08.06.2013, 17:31   #8
Treengo

You're welcome.

Well, on the laptop it is everything, from eBay to work-related things to online banking. On the PC it is limited to Amazon.

Best regards

08.06.2013, 17:35   #9
markusg
/// Malware-holic

Hi,
you have malware that steals sensitive data.

I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for shopping.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
So we could set it up from scratch once and then secure it properly.
I can give you instructions regardless of which option you decide on.

08.06.2013, 17:42   #10
Treengo

So does this affect both computers now, or only the PC?

I would be in favour of formatting, but I no longer have the CD that was supplied with it. Is that still possible anyway?
When formatting, do I "only" have to make sure that I back up all my data, or is that no longer possible either, because it is infected by the malware?

Best regards

08.06.2013, 17:43   #11
markusg
/// Malware-holic

Only the PC.
Backing up data is possible.
Can you borrow a Vista CD (Home)?
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

08.06.2013, 17:57   #12
Treengo

Can I also install a newer version of Windows, or does it have to be Windows Vista (Home)?

It is a pre-built PC.
Manufacturer: Microstar
Type: Intel Core 2 Quad CPU Q9300 2.50GHz

As I understood it from the page about reinstalling without a Windows CD... in my situation I can only install Windows Vista, because I only have the Windows Vista license?

To be honest, I am under a bit of pressure right now, because I cannot carry out the following instructions around the clock due to work. And this has to be done as quickly as possible, both the cleanup and the reinstall, right?

Best regards

08.06.2013, 18:00   #13
markusg
/// Malware-holic

Well, as long as you are not shopping from that PC right now, we can take this calmly.
With your Vista license you can only install Vista, but Win7 should work.
Windows 7 Upgrade Advisor - Download - Microsoft Windows
Just run this tool.

08.06.2013, 18:04   #14
Treengo

That reassures me a little, but I still have a few questions. I hope this does not come across as too pushy or the like.

1. Just once more to be completely sure: I can keep using the laptop without having to fear that some malware is stealing my data, right?
2. Since the PC is now infected, can the hacker also access the data on the laptop? After all, the PC and the laptop use the same internet connection.

Best regards

Edit:
In my excitement I forgot to thank you for the tool. Thank you!

Best regards

08.06.2013, 18:19   #15
markusg
/// Malware-holic

Hi,
1. Yes, we can still check the laptop further, but let's continue with the PC first.
2. No
