GVU-trojaner
hallo wie den überschrieft ist der gvu trojaner
bedanke mich schon mals
otl txt: und extra: und Malwarebytes txt: Code:
OTL logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\lini\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\lini\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Bandoo Coordinator) -- C:\Programme\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (Authentec Inc.)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (X6XSEx) -- C:\Programme\Free Ride Games\X6XSEx.sys (Exent Technologies Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 83 DE BB D9 B1 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9205C1C7-1C65-4C3A-BF0C-03A26FA982B7}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: fblayouts@hotlayouts2u.com:3.2.0
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\lini\AppData\Roaming\Mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com [2012.01.26 22:27:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.29 20:41:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Extensions
[2012.07.25 09:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions
[2011.12.31 20:23:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.26 22:27:53 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffox@bandoo.com
[2012.03.05 23:00:08 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\lini\AppData\Roaming\mozilla\Firefox\Profiles\qtbrly7d.default\extensions\ffxtlbr@funmoods.com
[2012.02.20 18:40:35 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\DivXWebPlayer@divx.com.xpi
[2011.12.17 13:23:14 | 000,010,560 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\fblayouts@hotlayouts2u.com.xpi
[2011.12.21 17:11:00 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\personas@christopher.beard.xpi
[2012.07.25 09:26:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.13 20:19:17 | 000,002,045 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\benefind.xml
[2012.03.05 22:59:28 | 000,001,798 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\funmoods.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Users\lini\AppData\Roaming\mozilla\firefox\profiles\qtbrly7d.default\searchplugins\Search_Results.xml
[2012.06.27 21:44:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.29 20:41:35 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.19 13:08:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 20:41:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.19 13:08:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 13:08:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.26 22:29:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.19 13:08:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 13:08:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://start.funmoods.com/?f=1&a=wbst
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Bandoo (Enabled) = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\ChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\lini\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Bandoo = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp\1.0.0.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\
CHR - Extension: Funmoods = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.6.0_0\funmoods\
CHR - Extension: Fieldrunners = C:\Users\lini\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Programme\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Social Extras Plugin) - {FF4E1D1D-705B-4379-AB33-22D98C1ABF55} - C:\Programme\SocialExtras\socialx.dll (FBSkins.com)
O3 - HKLM\..\Toolbar: (no name) - !{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (Authentec Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKCU..\Run: [Facebook Update] C:\Users\lini\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fectgmtutyhgsam] C:\ProgramData\fectgmtu.exe (Novatech)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lini\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BDDA0CA-AA8A-43F3-9C29-1BE71F3D290C}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Programme\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{1dffbd87-2ef2-11e1-a3ea-0016d32dba2e}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell - "" = AutoRun
O33 - MountPoints2\{43e7a0ba-ae44-11e1-85ef-0016d32dba2e}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.05 16:44:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\Malwarebytes
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.05 16:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.05 16:44:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.05 16:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.05 16:41:01 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\arcbujbatfmzlyz
[2012.09.05 16:29:26 | 000,146,432 | ---- | C] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.03 08:06:32 | 000,000,000 | ---D | C] -- C:\Users\lini\AppData\Roaming\PhotoScape
[2012.09.03 08:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.09.03 08:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2012.09.01 14:34:01 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Gotye-Making_Mirrors-2011-OZM - Kopie
[2012.08.19 14:28:09 | 000,000,000 | ---D | C] -- C:\Users\lini\Desktop\Neuer Ordner
[2012.08.17 12:56:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.16 13:29:01 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.08.16 13:29:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 13:29:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 13:29:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 13:28:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 13:28:58 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 13:28:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
========== Files - Modified Within 30 Days ==========
[2012.09.05 16:45:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.05 16:44:48 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.05 16:42:31 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.05 16:42:31 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.05 16:42:31 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.05 16:42:31 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.05 16:41:03 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\lini\Desktop\OTL.exe
[2012.09.05 16:37:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.05 16:37:57 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:29:27 | 000,076,346 | ---- | M] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.05 16:28:54 | 000,146,432 | ---- | M] (Novatech) -- C:\ProgramData\fectgmtu.exe
[2012.09.05 16:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.05 15:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.05 13:52:16 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001UA.job
[2012.09.05 10:52:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2337877463-2995840925-1545946237-1001Core.job
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:38:44 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.05 10:33:40 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 08:15:07 | 000,003,072 | -H-- | M] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | M] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:14:01 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.15 20:42:05 | 000,003,754 | ---- | M] () -- C:\Users\lini\Desktop\Unbenannt 1.odt
[2012.08.15 13:53:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 13:53:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2012.09.05 16:44:48 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.05 16:28:54 | 000,076,346 | ---- | C] () -- C:\ProgramData\fjashyznlwteutv
[2012.09.03 08:15:07 | 000,003,072 | -H-- | C] () -- C:\Users\lini\Desktop\photothumb.db
[2012.09.03 08:06:26 | 000,000,993 | ---- | C] () -- C:\Users\lini\Desktop\PhotoScape.lnk
[2012.08.30 10:13:31 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.12 13:56:32 | 000,000,036 | ---- | C] () -- C:\Users\lini\AppData\Local\housecall.guid.cache
[2012.01.01 21:30:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011.12.04 15:56:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.12.04 15:55:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.03 19:21:08 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
< End of report >
extra: Code:
OTL Extras logfile created on: 05.09.2012 16:48:04 - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\lini\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 65,94% Memory free
4,00 Gb Paging File | 3,37 Gb Available in Paging File | 84,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 52,35 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Computer Name: LINI-PC | User Name: lini | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091BFF09-DAC7-4445-B781-81A8F6871EF5}" = rport=138 | protocol=17 | dir=out | app=system |
"{0D849BD3-EC90-4E2D-989B-93A911CD4F72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18549716-986A-455A-BC0B-0CDAE13937BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22142436-8F50-4DFB-A257-A13CC68A5E06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3108F826-7FE5-4D10-98A2-CE63BCCE85CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{461BAC66-A9DC-4093-92B9-B30FCC3E7B9A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5D274EF5-35D9-4D55-84FA-BAA1FE2A9194}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BF209B6-9A76-44D6-ACC8-FF327A5ED6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D066805-C356-4AC0-BFBE-B3C4FCB155C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FBB588C-A652-4455-B146-A857F7B49095}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74809A4F-A74D-4343-8995-85B45AAB316F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74A26A7D-60CC-4B16-B155-383BD304FD35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87D36963-90FD-4980-B817-D207DA9FE581}" = rport=445 | protocol=6 | dir=out | app=system |
"{95C888E2-5442-450D-9856-29A313FADD1F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D6B3D9-21D4-4126-AF26-797610E6D8D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A85244FF-3AA3-47A2-BF32-F2005EA6505E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B515091D-81D6-4638-9D31-19B7C6296949}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D11FA9C6-3463-4F65-9FFC-C9E45362EC3C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D706F7F1-6A10-47B8-8E6A-4B30B9328F28}" = lport=137 | protocol=17 | dir=in | app=system |
"{DE25FBA9-FDAF-46F5-ABBB-B6BF1A37263B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E6F18CEF-945E-4A00-A935-6E8D3FEB9D46}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2786091-A885-48A3-AD7E-26563E72D54A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F799B905-E265-46BD-96A8-E1160821753B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056A0934-80D3-4FDF-9361-E1072F163AF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{130586D6-338C-4A3F-8A6C-34D7644450E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19C9F701-4021-4509-A549-164B836A96F7}" = protocol=6 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{21442CD9-E368-4B8B-BD6C-012782375F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28D0381C-47D0-4BFA-B055-82BF67F66E51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A5547D8-255D-4CC5-AB57-B6F63B06F1D7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{475419C7-A457-4528-80C8-AFC0A44FD039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{559D97AF-21AA-4D1C-92E5-2DFA38C3D22D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{578CBCD8-DC07-40B5-85BA-D560F0D4128E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5FFA4A73-9B81-4788-B7FF-22D774632C6B}" = dir=in | app=c:\users\lini\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{77D830F4-F307-4620-B171-903F3E901BD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{86D1C9D3-AF1A-4566-B3E6-1057DC3BB38C}" = protocol=6 | dir=out | app=system |
"{8EBA6881-B45E-469E-89D4-5B089945C608}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AEEC2EA8-DD21-4F88-8706-E12D203CB30B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B052E846-D20E-480E-818A-994279E8B436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBE7C8AD-4E47-4FCE-AF8F-647FF3D07BFA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1050445-CF6E-4CB7-9492-0138A3FEBB7C}" = protocol=17 | dir=in | app=c:\program files\lenovo\system update\uncserver.exe |
"{F460844D-D9B3-47D7-AD96-EE1018B978E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F66F46D0-1FA8-4C1D-B50F-738BC4657C6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C2938C94-239C-4156-B245-C5406A4F3E93}" = ThinkVantage Fingerprint Software
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"iLivid" = iLivid
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"PhotoScape" = PhotoScape
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 23.08.2012 06:24:09 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 23.08.2012 06:24:10 | Computer Name = lini-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 24.08.2012 08:31:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x106f48a0 ID des fehlerhaften Prozesses: 0x15e4 Startzeit der fehlerhaften Anwendung:
0x01cd81f1d39f0f8f Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: a18a9f6f-ede7-11e1-ba53-0016d32dba2e
Error - 24.08.2012 14:38:07 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: unknown,
Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset:
0x06c4b960 ID des fehlerhaften Prozesses: 0x9b8 Startzeit der fehlerhaften Anwendung:
0x01cd8226ac3fcc30 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: d83de71c-ee1a-11e1-ba53-0016d32dba2e
Error - 24.08.2012 14:43:31 | Computer Name = lini-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_271.exe,
Version: 11.3.300.271, Zeitstempel: 0x5026ffac Name des fehlerhaften Moduls: NPSWF32_11_3_300_271.dll,
Version: 11.3.300.271, Zeitstempel: 0x502701bf Ausnahmecode: 0xc0000005 Fehleroffset:
0x003159e3 ID des fehlerhaften Prozesses: 0x16e0 Startzeit der fehlerhaften Anwendung:
0x01cd82279e885f2f Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
Berichtskennung:
995dd576-ee1b-11e1-ba53-0016d32dba2e
Error - 03.09.2012 15:18:32 | Computer Name = lini-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 15.0.0.4619 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 534 Startzeit:
01cd8998ce9af780 Endzeit: 304 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
2174a0c4-f5fc-11e1-bf48-0016d32dba2e
[ System Events ]
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 06.05.2012 09:44:04 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 09.05.2012 11:20:13 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 12.05.2012 06:50:41 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 25.05.2012 10:59:24 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 25.05.2012 10:59:26 | Computer Name = lini-PC | Source = DCOM | ID = 10010
Description =
Error - 30.05.2012 18:25:09 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 02.06.2012 22:30:42 | Computer Name = lini-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
%%1115
< End of report >
male.: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.09.09.01
Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
lini :: LINI-PC [Administrator]
09.09.2012 11:54:21
mbam-log-2012-09-09 (11-54-21).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 253007
Laufzeit: 26 Minute(n), 57 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\lini\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
|
