Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)


Log-Analyse und Auswertung: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 19.07.2013, 16:40   #1
fchen
 
Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Standard

Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)


Hallo!

Rechner: Win7 Starter auf Asus Eee PC Seashell
Problem:
Panda Cloud hat vor 2 Tagen den Trojaner "Dtcontx.F" gemeldet. Darauf habe ich den Rechner erstmal runtergefahren.
Heute wollte ich das Problem angehen und fahre den Rechner hoch. Panda meldet, der Trojaner sei gelöscht, meldet aber bereits erneut denselben Trojaner. Um den Trojaner zu löschen, meldet Panda, muss der Rechner neu gestartet werden.

Zwischenzeitlich war ich hier auf dem Board gelandet und habe die OLT- und Gmer-Scans gestartet, mit den geforderten Neustarts des Rechners. Direkt nach den Neustarts wurden von Panda der Dcontx.F und dann auch noch der CI.A gemeldet.
Dies ist der Staus quo.
Die beschriebene Historie ist im angehängten Panda-Report ersichtlich.
Was ir darin auffällt: Die betroffenen Dateien sind immer im Verzeichnis C:\Users\<user> wobei <user> länge als 8 Zeichen ist. Beim Eintrag 19.07.2013 12:53:11 wurde der Username jedoch auf 8 Zeichen, bzw. auf 6 Zeich mit angehängtem "~1" gekürzt. Diesen Pfad gibt es jedoch nicht auf dem Rechner.

Hier die geforderten Scans:
Ich habe überall den Usernamen durch <user> ersetzt.

OLT.txt
Code:
ATTFilter
OTL logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<user>\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32
 
Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.05 12:23:49 | 000,453,552 | ---- | M] (LaCie) -- C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe
PRC - [2012.07.13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012.03.19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011.03.11 03:05:54 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
PRC - [2011.03.04 01:33:20 | 000,101,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
PRC - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2011.03.04 01:33:12 | 001,252,272 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
PRC - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.11.15 21:27:22 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\ASUS\CapsHook\CapsHook.exe
PRC - [2010.11.15 21:25:36 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.05.21 22:42:48 | 002,839,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.13 09:32:40 | 000,548,744 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010.04.07 07:16:52 | 001,599,880 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.07.16 23:12:38 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\46e5c98ee0b6840ffbc7875ec30e6b38\Microsoft.VisualBasic.ni.dll
MOD - [2013.07.16 19:04:32 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.16 19:03:52 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.16 19:02:14 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.16 19:01:58 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.16 19:01:55 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.16 19:01:26 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.07.16 09:13:55 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\proxy_util_w32.dll
MOD - [2013.07.16 08:34:47 | 000,949,426 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jnotify.dll
MOD - [2013.07.16 08:33:54 | 000,165,376 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\orangevolt-4n-1.1.2.dll
MOD - [2013.07.16 08:33:49 | 000,370,688 | ---- | M] () -- C:\Users\<user>\AppData\Local\Wuala\Program0\lib.443\jcbfs3.dll
MOD - [2012.09.05 09:59:24 | 000,043,520 | ---- | M] () -- C:\Users\<user>\AppData\Local\Temp\proxy_util_w32.dll
MOD - [2011.03.23 21:33:00 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL
MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 15:13:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012.07.13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.04 01:33:14 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2011.03.02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.12 17:22:26 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Disabled | Running] -- system32\Drivers\PsBoot.sys -- (PsBoot)
DRV - [2012.07.13 07:02:16 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012.07.13 07:02:16 | 000,120,872 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012.07.13 07:02:16 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012.07.13 07:02:15 | 000,148,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012.07.13 07:02:15 | 000,103,464 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012.07.12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012.06.27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012.06.27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012.06.27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012.06.27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012.06.27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012.06.27 15:51:05 | 000,060,968 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012.06.27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012.06.27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012.06.27 15:51:04 | 000,028,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012.06.27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012.06.27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012.04.09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.03.10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2010.11.20 12:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:24:42 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.09.27 09:23:58 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.08.03 07:20:56 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2010.06.28 07:24:00 | 000,011,456 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.22 06:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP07&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://www.google.com/search?ie=utf-8&oe=utf-8&rlz=1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{BB4AD99B-51CA-46A7-9BB3-AD5F7680E89D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=4EB513DA-586A-4A91-AAA6-031BE75693A8&apn_sauid=4374B2D2-D1D9-43DB-9668-01F1287A8AD6
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.07.23 23:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Extensions
[2013.05.22 21:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions
[2012.10.28 12:15:46 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\<user>\AppData\Roaming\mozilla\Firefox\Profiles\tmpnzboc.default\extensions\toolbar@ask.com
[2013.03.18 08:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.08.02 23:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.28 12:04:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 03:02:55 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.07.14 03:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 03:02:55 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.07.14 03:02:55 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.07.14 03:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.07.14 03:02:55 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKCU..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\<user>\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51C5442E-A9A4-4DD4-AB72-FA16DDCC1BB9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89D62A12-4BBE-4A3F-BC9A-CAC796B28273}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2030.01.01 13:50:16 | 000,000,000 | -HSD | C] -- C:\Boot
[2013.07.19 13:34:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.19 13:05:39 | 000,046,280 | ---- | C] (Panda Security) -- C:\windows\System32\drivers\PSKMAD.sys
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Xafezye
[2013.07.16 19:11:05 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Pywe
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Viyh
[2013.07.16 19:10:57 | 000,000,000 | ---D | C] -- C:\Users\<user>\AppData\Roaming\Ifu
[2013.07.16 15:38:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013.07.16 15:38:05 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013.07.16 15:38:04 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.07.16 15:38:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013.07.16 15:38:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013.07.16 15:38:00 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.07.16 15:38:00 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013.07.16 15:37:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013.07.16 15:37:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013.07.16 15:37:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013.07.16 08:44:21 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2013.07.16 08:44:15 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013.07.16 08:44:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qedit.dll
[2013.07.16 08:44:04 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.19 13:34:11 | 000,092,249 | ---- | M] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2013.07.19 13:23:39 | 000,666,022 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.07.19 13:23:39 | 000,627,864 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.07.19 13:23:39 | 000,133,944 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.07.19 13:23:39 | 000,110,326 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:14 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 13:13:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.07.19 13:05:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.07.19 13:05:12 | 1602,838,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 13:00:16 | 000,377,856 | ---- | M] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 12:59:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2013.07.16 18:59:18 | 000,315,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2030.01.01 13:50:16 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013.07.19 13:34:57 | 000,377,856 | ---- | C] () -- C:\Users\<user>\Desktop\gmer_2.1.19163.exe
[2013.07.19 13:34:09 | 000,092,249 | ---- | C] () -- C:\Users\<user>\Desktop\Panda-Report.jpg
[2012.11.05 10:16:47 | 000,434,176 | ---- | C] () -- C:\windows\System32\ZSHP1020.EXE
[2012.09.05 12:24:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012.03.17 12:47:49 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini
[2012.03.17 12:45:40 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2011.04.21 02:56:11 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 19.07.2013 13:44:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\<user>\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,46% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 63,32 Gb Free Space | 63,32% Space Free | Partition Type: NTFS
Drive D: | 183,07 Gb Total Space | 182,96 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 30,83 Mb Total Space | 13,12 Mb Free Space | 42,55% Space Free | Partition Type: FAT
Drive W: | 5,00 Gb Total Space | 3,93 Gb Free Space | 78,55% Space Free | Partition Type: FAT32
 
Computer Name: PORTABLE-IK | User Name: <user> | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58E7306-2B16-433F-B710-E19B85524A0A}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{BA6DF6ED-66E8-4241-8E9E-991536B4990C}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{C5E3C9ED-BB47-432C-9821-0D3D264CF425}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{CA3E3652-B45B-4453-854C-8560416431CA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9DF15337-4E25-42D6-AFE8-E4F24E383B81}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BAF7435B-578D-471D-BF62-6ECDEE6629E1}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CA2F4121-A03B-4CCD-860D-E8B1FA42BFAF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E575682C-AA9D-4F46-9E9C-1230B55CC593}" = protocol=17 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | 
"{F8849DB1-9DE1-4DE3-A193-853ED518DACF}" = protocol=6 | dir=in | app=c:\program files\panda security\panda security toolbar\dtuser.exe | 
"TCP Query User{14DD44EA-7689-4D13-9DE6-DC21D05612B9}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{35DC0C5B-19E8-4793-BD48-F6298FD56D0A}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{3F306CDF-929E-406A-AFFD-31C3D50AED00}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{847ECC4B-9EAE-4323-B299-D534D8BB3D52}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{B461BADE-4366-44D1-9D63-955D30C4479F}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{FFBD621D-3D73-4222-B97D-5F80A26324BE}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{0D4E388F-A537-4F69-BDED-29765BAA7D6B}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{2439E76D-3AD4-498F-B4D2-6A88EA240817}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{6F303378-AEF3-463E-85D8-340E99FDF9E6}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{81D0E884-F0D2-4887-9CD0-14EC564D786F}C:\users\<user>\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\<user>\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{938E5072-52B7-436E-A6CF-D78182044B1C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{BC4F4047-36C5-4D51-AC7B-223B5F8449E2}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F1A2E4E-E2EE-4806-B7CE-356D83A3CDEB}" = Windows Live Family Safety
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5CE74A57-75E8-43A9-9BAA-CB97A1A23043}" = Panda Cloud Antivirus
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99E77016-BCF2-48C8-9119-43ECF5815F65}" = AsusScreensaver
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"Eee Docking_is1" = Eee Docking 3.8.3
"Elantech" = ETDWare PS/2-x86 7.0.5.11_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}" = ExpressGateCloud
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Panda Security URL Filtering" = Panda Security URL Filtering
"Panda Universal Agent Endpoint" = Panda Cloud Antivirus
"pandasecuritytb" = Panda Security Toolbar
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WinLiveSuite" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2013 13:27:45 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6129.5000,
 Zeitstempel: 0x5082ffdf  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00690073  ID des fehlerhaften
 Prozesses: 0xe1c  Startzeit der fehlerhaften Anwendung: 0x01ce4110c7ceca3b  Pfad der
 fehlerhaften Anwendung: Q:\140066.deu\Office14\WINWORDC.EXE  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 46135fa4-ad04-11e2-8de2-742f68cef929
 
Error - 24.04.2013 14:25:40 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0x6ec  Startzeit der fehlerhaften Anwendung: 0x01ce411913675de9
Pfad
 der fehlerhaften Anwendung: C:\windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 5db053c6-ad0c-11e2-bf03-742f68cef929
 
Error - 05.05.2013 06:35:51 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:23:18 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:36:32 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 05.05.2013 14:49:38 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 15.05.2013 18:21:51 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
 1.0.1.34, Zeitstempel: 0x4f58eb32  Name des fehlerhaften Moduls: ole32.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342
ID
 des fehlerhaften Prozesses: 0x9a8  Startzeit der fehlerhaften Anwendung: 0x01ce51b9474ebd79
Pfad
 der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: d6dc246a-bdad-11e2-9a2c-742f68cef929
 
Error - 09.06.2013 14:36:38 | Computer Name = portable-IK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Panda_URL_Filtering.exe, Version:
 1.0.1.34, Zeitstempel: 0x4f58eb32  Name des fehlerhaften Moduls: ole32.dll, Version:
 6.1.7601.17514, Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342
ID
 des fehlerhaften Prozesses: 0xf3c  Startzeit der fehlerhaften Anwendung: 0x01ce653d4c36c5b8
Pfad
 der fehlerhaften Anwendung: C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
Pfad
 des fehlerhaften Moduls: C:\windows\system32\ole32.dll  Berichtskennung: 84d87a03-d133-11e2-b5bd-742f68cef929
 
Error - 18.06.2013 12:23:09 | Computer Name = portable-IK | Source = Application Hang | ID = 1002
Description = Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2fc    Startzeit: 
01ce6c3d83ddff3a    Endzeit: 32    Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE    Berichts-ID:
 514d78e5-d833-11e2-bf2c-742f68cef929  
 
Error - 24.06.2013 02:16:00 | Computer Name = portable-IK | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 10.02.2013 10:09:44 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 14.02.2013 15:10:41 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 15.02.2013 10:38:21 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 16.02.2013 16:58:05 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 18.02.2013 18:06:12 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
Error - 18.02.2013 18:06:08 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst btwdins erreicht.
 
Error - 21.02.2013 17:19:58 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 22.02.2013 02:29:49 | Computer Name = portable-IK | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.02.2013 14:56:53 | Computer Name = portable-IK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 27.02.2013 14:56:54 | Computer Name = portable-IK | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Extras.txt:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 17:08:38
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0003 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\<user>\AppData\Local\Temp\uwlyapow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                    820489F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                      820821F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

Device                                                                                                                                                      Ntfs.sys

AttachedDevice                                                                                                                                              cbfs3.sys

Device                                                                                                                                                      fastfat.SYS
Device                                                                                                                                                      Sftfslh.sys
Device          \Driver\BTHUSB \Device\00000081                                                                                                             bthport.sys
Device          \Driver\BTHUSB \Device\00000083                                                                                                             bthport.sys

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                    fltmgr.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                    cbfs3.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind    \Device\{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route   "{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}"?"{CA81891F-7045-4EAE-8188-8A06668503F6}"?"{B3D35547-86CE-4B06-847B-4926F53EBD43}"?"{99D75C0B-9599-4D87-87A6-EC5FD64938B4}"?
Reg             HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export  \Device\TCPIP6TUNNEL_{9D801AB8-362A-4915-AD1B-84C0AC6A3A91}?\Device\TCPIP6TUNNEL_{CA81891F-7045-4EAE-8188-8A06668503F6}?\Device\TCPIP6TUNNEL_{B3D35547-86CE-4B06-847B-4926F53EBD43}?\Device\TCPIP6TUNNEL_{99D75C0B-9599-4D87-87A6-EC5FD64938B4}?
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f68cef929                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da17155                                                                 
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@InterfaceName                      isatap.{BEA210D1-39F4-4172-AA53-5BB79BEC0CF2}
Reg             HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{CA81891F-7045-4EAE-8188-8A06668503F6}@ReusableType                       0
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f68cef929 (not active ControlSet)                                             
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da17155 (not active ControlSet)                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{346F58E0-7095-11E1-B959-806E6F6E6963}                      1957051552

---- EOF - GMER 2.1 ----

Schon mal vorab: DANKE!
Miniaturansicht angehängter Grafiken
Klicken Sie auf die Grafik für eine größere Ansicht Name: Panda-Report.jpg Hits: 211 Größe: 90,1 KB ID: 58041  

 

Themen zu Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)
adobe, antivirus, bho, bingbar, defender, dtcontx.f, error, explorer, failed, firefox, flash player, format, install.exe, installation, logfile, microsoft office starter 2010, mozilla, plug-in, programm, proxy, realtek, registry, rundll, security, software, svchost.exe, temp, trojaner, tunnel, udp, windows, wlansvc


« "gesellschaft zur Verfügung von Urheberrechtsverletzungen" kein abgesicherter modus möglich | Stimmenvirus, BKA-Virus teilgelöscht?, Rechner friert ein »


Ähnliche Themen: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)


  1. Win7-Laptop von ASUS reagiert stark verzögert und hängt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.04.2015 (11)
  2. Asus EeePC Netbook mit Windows 7 Starter, SP1, 32Bit startet nur noch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 03.04.2014 (7)
  3. Windows 7 Starter: SoftwareUpdater.Ui.exe
    Plagegeister aller Art und deren Bekämpfung - 11.01.2014 (13)
  4. GVU Virus auf Asus Netbook mit Win 7 starter / USB Start nicht möglich
    Log-Analyse und Auswertung - 22.09.2013 (5)
  5. GVU Trojaner auf Asus EEE PC Windows 7 Starter - FRST Scan
    Log-Analyse und Auswertung - 06.08.2013 (13)
  6. Trojan.zbot.FV und Spyware.zbot.-ED auf Netbook Asus Eee PC /Win7
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (23)
  7. GVU Trojaner WIN7 HomePremium ASUS X53S
    Log-Analyse und Auswertung - 29.06.2013 (11)
  8. BKA-Trojaner auf Windows7 Starter
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (4)
  9. Asus X64J (i5, Win7...) lahmt trotz Wiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 06.04.2013 (9)
  10. Trj/Dtcontx.A - cgm.exe bzw. uninx84.exe
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (10)
  11. BKA Trojaner 1.13 Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (7)
  12. Black screen of Death ASUS g53jw BIOS 211 win7 64bit
    Alles rund um Windows - 05.09.2012 (9)
  13. Neuaufsetzen von Netbook Asus - ohne CD Laufwerk - Windows 7 Starter
    Alles rund um Windows - 24.07.2012 (2)
  14. Win7 Starter Netbook durch GEMA Virus gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (3)
  15. Ist Win7 Starter genau so sicher wie das normale Win7?
    Alles rund um Windows - 28.07.2011 (2)
  16. BKA Trojaner auf Netbook mit Win7 Starter
    Log-Analyse und Auswertung - 15.05.2011 (9)
  17. TR/Starter.E
    Plagegeister aller Art und deren Bekämpfung - 01.03.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) - Hallo! Rechner: Win7 Starter auf Asus Eee PC Seashell Problem: Panda Cloud hat vor 2 Tagen den Trojaner "Dtcontx.F" gemeldet. Darauf habe ich den Rechner erstmal runtergefahren. Heute wollte ich - Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC)...
Archiv
Du betrachtest: Dtcontx.F und CI.A (Panda) hartnäckig auf Win7 Starter (Asus eee PC) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130