| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Polizei Trojaner Österreich eingefangenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.08.2012, 14:54
| #1 |
 |  Polizei Trojaner Österreich eingefangen Hallo, hab mir den Trojaner auch eingefangen, bitte um Hilfe. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:44 on 28/08/2012 (Leo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 28.08.2012 14:46:44 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Leo\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 84,18% Memory free 5,94 Gb Paging File | 5,68 Gb Available in Paging File | 95,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 10,81 Gb Free Space | 11,72% Space Free | Partition Type: NTFS Drive D: | 131,89 Gb Total Space | 5,80 Gb Free Space | 4,40% Space Free | Partition Type: NTFS Computer Name: LEO-PC | User Name: Leo | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.28 14:40:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe PRC - [2009.10.02 23:34:42 | 000,015,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:24:02 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe ========== Modules (No Company Name) ========== MOD - [2009.10.03 03:18:02 | 007,569,408 | ---- | M] () -- c:\Program Files\Adobe\Reader 9.0\Reader\RdLang32.DEU MOD - [2009.02.27 13:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\sqlite.dll MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.03.23 18:32:20 | 001,740,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService) SRV - [2010.07.08 14:18:29 | 000,333,264 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3DataManager\WTGService.exe -- (WTGService) SRV - [2008.04.25 14:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake) DRV - [2011.08.02 19:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2011.03.23 17:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2011.03.23 17:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011.03.23 17:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2011.03.23 17:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011.03.23 17:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.01.11 18:04:19 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.01.11 18:04:19 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2008.06.30 19:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.26 06:25:58 | 000,337,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008.05.27 13:55:54 | 000,173,576 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.05.02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.03 14:58:46 | 000,076,688 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig?hl=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJE_deAT350 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.13 00:07:55 | 000,000,000 | ---D | M] [2011.08.06 14:36:34 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - Extension: Facemoods = C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FSC OSD Utility] c:\Program Files\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) O4 - HKLM..\Run: [FSCRecovery] c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD File not found O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found O4 - HKLM..\Run: [Skytel] Skytel.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [{C39E165D-2069-83E7-1A77-212AD65B3865}] C:\Users\Leo\AppData\Roaming\Ytycd\awhyovo.exe () O4 - HKCU..\Run: [HW_OPENEYE_OUC_Smart Bro] C:\Program Files\Smart Bro\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - Startup: C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Leo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CCCCA6E-8C5F-4A8B-8AFE-A409BD6C6DB4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CBCFD11-E818-43B0-B559-B1218B3299E8}: DhcpNameServer = 213.153.32.129 213.153.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D30E058-D62F-4673-A3AE-A4B6688936E1}: DhcpNameServer = 121.1.3.172 121.1.3.89 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EFD1C39-1B92-4583-A662-92B754A1ECCE}: DhcpNameServer = 121.1.3.172 121.1.3.89 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C592BB26-E35E-4BB2-BD4A-0A0A78C130B3}: DhcpNameServer = 121.1.3.172 121.1.3.89 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O24 - Desktop WallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Leo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{10692cb1-de66-11de-9b14-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4084f77a-2274-11e1-80a5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell - "" = AutoRun O33 - MountPoints2\{4084f8d4-2274-11e1-80a5-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell - "" = AutoRun O33 - MountPoints2\{6704a98a-9ff5-11e1-b860-001e101f36d9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{698f0547-ee01-11de-a08a-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell - "" = AutoRun O33 - MountPoints2\{6c1f0cd1-a996-11e1-b4f7-001e101f1838}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{77f545e6-13d6-11df-b09b-00225f51bca3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{7d0b806f-0030-11df-8179-00225f51bca3}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{7e396649-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe O33 - MountPoints2\{7e396649-53bc-11df-b92b-00225f51bca3}\Shell\open\Command - "" = F:\mh.exe O33 - MountPoints2\{7e39664f-53bc-11df-b92b-00225f51bca3}\Shell\AutoRun\command - "" = F:\mh.exe O33 - MountPoints2\{7e39664f-53bc-11df-b92b-00225f51bca3}\Shell\open\Command - "" = F:\mh.exe O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{86f6f8ad-d98a-11de-aeab-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell - "" = AutoRun O33 - MountPoints2\{b2982313-9293-11e1-b41a-001e101f2c0e}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{bfdf9f00-d983-11de-80e5-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{c4366030-dfc3-11de-9ea2-00225f51bca3}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun O33 - MountPoints2\{eac475a5-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell - "" = AutoRun O33 - MountPoints2\{eac475a7-daa5-11de-8d69-00238b40a0e1}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell - "" = AutoRun O33 - MountPoints2\{f0f80561-1b37-11e0-9f02-00225f51bca3}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.28 14:49:53 | 000,000,000 | ---D | C] -- C:\Users\Leo\AppData\Roaming\Malwarebytes [2012.08.28 14:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.28 14:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.28 14:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.28 14:46:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe [2012.08.28 14:46:18 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Leo\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.25 13:14:19 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\mixed 2010 [2012.08.25 13:07:16 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\phils 10 [2012.08.25 13:06:39 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\ams [2012.08.25 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\honda cbr [2012.08.24 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDevice Manager [2012.08.24 13:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.08.24 13:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\System.Data.SQLite [2012.08.24 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Leo\Desktop\Amsterdam 12 [2012.08.23 19:46:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.23 19:46:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.23 19:46:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.23 19:46:10 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.23 19:46:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.23 19:46:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.23 19:46:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.23 19:45:56 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys ========== Files - Modified Within 30 Days ========== [2012.08.28 14:50:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.28 14:49:46 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 14:49:08 | 000,670,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.28 14:49:08 | 000,631,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.28 14:49:08 | 000,143,986 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.28 14:49:08 | 000,118,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.28 14:45:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.28 14:40:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Leo\Desktop\OTL.exe [2012.08.28 14:39:58 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.28 14:39:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Leo\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.28 14:32:45 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.28 14:32:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 14:32:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.28 14:25:26 | 000,001,732 | ---- | M] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.28 14:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.28 12:59:05 | 000,128,399 | ---- | M] () -- C:\Users\Leo\Desktop\557979_3207025189555_787797496_n.jpg [2012.08.27 23:09:39 | 000,245,248 | ---- | M] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.24 13:09:19 | 000,001,981 | ---- | M] () -- C:\Users\Leo\Desktop\iDevice Manager.lnk [2012.08.24 12:34:33 | 000,312,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.28 14:49:46 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.28 14:25:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad [2012.08.28 14:25:26 | 000,001,732 | ---- | C] () -- C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.08.28 13:02:22 | 000,128,399 | ---- | C] () -- C:\Users\Leo\Desktop\557979_3207025189555_787797496_n.jpg [2012.08.24 13:09:19 | 000,001,981 | ---- | C] () -- C:\Users\Leo\Desktop\iDevice Manager.lnk [2011.12.09 16:49:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe [2011.03.09 22:39:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.02.05 13:08:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2010.11.21 23:27:11 | 000,217,088 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe [2009.11.14 11:19:20 | 000,000,000 | ---- | C] () -- C:\Users\Leo\AppData\Roaming\wklnhst.dat [2009.10.19 19:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.19 13:43:12 | 000,245,248 | ---- | C] () -- C:\Users\Leo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2002.08.13 17:04:12 | 000,217,088 | R--- | C] () -- C:\Users\Leo\AppData\Roaming\MafiaSetup.exe < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.08.2012 14:46:44 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Leo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 84,18% Memory free
5,94 Gb Paging File | 5,68 Gb Available in Paging File | 95,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 10,81 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
Drive D: | 131,89 Gb Total Space | 5,80 Gb Free Space | 4,40% Space Free | Partition Type: NTFS
Computer Name: LEO-PC | User Name: Leo | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\vlc media player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\vlc media player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0503F403-518E-4F1B-8D4D-F6752AA9A337}" = rport=445 | protocol=6 | dir=out | app=system |
"{0F8ED13A-78BB-4F9B-BF4E-06C3F86FEC13}" = rport=137 | protocol=17 | dir=out | app=system |
"{12E14DF2-F297-4FD9-873F-049D39C53AC7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A7BC351-8720-49B5-B73E-854BF0ABBABB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{40AD3A3B-5B39-45C8-8C51-FBBDB440AE10}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4F6DAB9A-7744-446D-BD0C-260CC9A4B1BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FC7789D-5E42-46FE-BB4C-E0745FBB1051}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{646533BF-7C90-4F96-B8F1-E84C548532B7}" = lport=138 | protocol=17 | dir=in | app=system |
"{65F65932-AE79-45B0-B10F-207CD69C11A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6725A18D-655B-4180-BE32-19003AC47823}" = lport=445 | protocol=6 | dir=in | app=system |
"{848F2B96-44BA-465C-A414-9F04B12FCD91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E986BA9-A66C-4ED0-8C7D-EB8B3911FEB3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A196FE10-2844-44B6-B735-DB0B606D4E56}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6889676-8D30-4715-A436-A904FB20FFB5}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9F9E2EF-0C52-4C2E-AB6E-7CFF88F3639A}" = rport=139 | protocol=6 | dir=out | app=system |
"{BA313532-68D4-40C8-ADD5-5589A9D384FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D87A32EC-11A2-4821-A078-0E30C124718A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC6447D4-3067-44BE-80FC-F73803D5FC6B}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B5EBD74-89B3-4A69-AF69-D31C175BE007}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{28AB4D81-CF8D-455D-86C2-11BBD5D2E357}" = protocol=6 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe |
"{29E6CB61-8153-4F92-BF35-6973FAA2AA2F}" = protocol=17 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe |
"{2C98EE29-8B00-45D8-BBDE-7A5D8C6CB85D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2E97C170-1800-4B13-A67A-8454DCCDF542}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31814022-A987-45F4-9094-A75473988B00}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{43165548-6168-4AE5-9D19-CF6D1732F5F9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4676CDE3-5256-4255-A26F-72FE367D6911}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{46B964FD-31BF-40BC-B35A-037295E6DFC0}" = protocol=6 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{6FD2D384-AB41-4DA4-9667-A70D9EA6372B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C28D5C9-E59F-4802-A754-4803CF31F9F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7FB25F23-DF21-4EC1-81F7-71876A55F280}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{92F75C83-9C41-4DCF-BDE1-E41AD3AEAD10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9EEC65AB-AAAB-43AE-A29A-D3BC210F14B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ADC162A5-37AD-4BB6-84D4-2CA6A4937837}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B51F04EE-A9F5-4F26-9F60-120E59182CB5}" = protocol=17 | dir=in | app=c:\program files\software4u\iphone explorer\software4u.iphoneexplorer.exe |
"{B7773AC4-331F-4D2F-B5ED-02C83A41E5AA}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{C9466E0F-65B5-4195-81B9-667533D3E83D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{07F2C7E5-7A81-4410-8902-4173C381637C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{280289DC-22BF-4CFB-83F4-F6E9B5EC03FD}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2F417F3F-CB6A-4F1A-AEF6-D326B0C162EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{710F744E-09AC-44D9-A254-69F67CA78280}C:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{7A7D7F6E-C286-4E12-A009-BF72964E35B9}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{90B22E20-DEC1-4437-B93D-3FDCA92BCFD3}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2B08BD65-CBDA-43A2-B595-2A4AB99719E4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{2B1C7B00-FA4B-40E7-9FE5-4BF76F8A07BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7962EB8C-4474-453D-A674-DDBF3AE0EC3F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7C3F76E8-81CF-479F-B2CD-5EFB3FC1D1B9}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{89680D8C-E933-4781-B050-ADBDEA48CFFA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8D6053A8-A9E9-4FE5-A980-6A074210FE72}C:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\leo\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics
"{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46CEB912-82BB-416B-8328-1A32CFD1754C}" = Garmin Lifetime Updater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone-Konfigurationsprogramm
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"3DataManager" = 3DataManager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.32
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Picasa2" = Picasa 2
"Shockwave" = Shockwave
"Smart Bro" = Smart Bro
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1450
Error - 22.02.2012 13:28:18 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1450
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2464
Error - 22.02.2012 13:28:19 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2464
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3619
Error - 22.02.2012 13:28:20 | Computer Name = Leo-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3619
Error - 29.02.2012 13:12:55 | Computer Name = Leo-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.03.2012 04:17:59 | Computer Name = Leo-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 05.02.2011 07:02:20 | Computer Name = Leo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6425.1000. This session lasted 488
seconds with 480 seconds of active time. This session ended with a crash.
Error - 09.01.2012 12:41:11 | Computer Name = Leo-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1374
seconds with 960 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:38 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 28.08.2012 08:46:54 | Computer Name = Leo-PC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-08-28 15:49:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
Running: m3qcmr2n.exe; Driver: C:\Users\Leo\AppData\Local\Temp\ufldapow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Ich hoffe ich hab alles richtig gemacht soweit. Vielen Dank im voraus. mfg Leo |
| Themen zu Polizei Trojaner Österreich eingefangen |
| adobe, bho, bonjour, browser, converter, defender, error, excel, firefox, flash player, format, google earth, home, homepage, jdownloader, logfile, mp3, norman, office 2007, picasa, realtek, registry, rundll, scan, software, svchost.exe, trojaner, udp, vista |
Baum-Darstellung