Cyber Crime Investigation Department Virus (Windows 7)

#1
Cyber Crime Investigation Department Virus

Hello! Today my PC (Win 7) caught the virus that has already been discussed in several threads here, the one showing the "Cyber Crime Investigation Department" message, in its Austrian version. The message that appeared locks my PC and demands a payment of 100 Euro via PayPal.

Before I came across this forum, I had already followed another guide from the web and run a scan with Malwarebytes Anti-Malware in Safe Mode. Two infected files were found and moved to quarantine. After that the computer started again without problems, and there are no obvious malfunctions any more. Now I am not entirely sure whether everything is back in order or whether something else still needs to be done.

Here are the logs in the order in which I ran the scans:

Malwarebytes Anti-Malware:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.31.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
User :: PABLO [Administrator]

Schutz: Deaktiviert

31.08.2012 18:54:04
mbam-log-2012-08-31 (18-54-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 565643
Laufzeit: 1 Stunde(n), 24 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\User\AppData\Local\Temp\roper0dun.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
ATTFilter OTL logfile created on: 31.08.2012 20:39:05 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\User\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free 3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS Computer Name: PABLO | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) -- C:\Program Files\Wild Media Server\wmssvc.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- 
C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe PRC - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe PRC - [2009.11.11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe PRC - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe PRC - [2009.05.15 12:36:48 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe ========== Modules (No Company Name) ========== MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll MOD - [2010.02.04 12:15:22 | 000,209,920 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSqlBirdie4.dll MOD - [2010.02.04 12:15:10 | 007,810,560 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtGuiBirdie4.dll MOD - [2010.02.04 12:02:16 | 000,673,792 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtNetworkBirdie4.dll MOD - [2010.02.04 12:01:02 | 002,097,152 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtCoreBirdie4.dll MOD - [2010.01.20 17:57:38 | 000,030,208 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe MOD - [2009.09.29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone 
Monitor\tcpsock_object.dll MOD - [2009.09.12 15:47:34 | 000,544,768 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\sqlite3.dll MOD - [2007.01.11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ========== Services (SafeList) ========== SRV - [2012.08.31 08:29:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.22 00:41:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) [Auto | Running] -- C:\Program Files\Wild Media Server\wmssvc.exe -- (WmsService) SRV - [2010.06.15 19:55:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- 
| M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86) DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 20:03:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:03:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.05.02 01:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) DRV - [2011.07.20 02:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV - [2011.07.19 23:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - 
[2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.10.22 18:37:42 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2010.10.22 18:37:42 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex) DRV - [2010.10.22 18:37:41 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm) DRV - [2010.10.22 18:37:41 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2010.06.13 19:56:17 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo) DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 59 19 18 41 BF CC 01 [binary data] IE - HKCU\..\URLSearchHook: 
{66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.18 19:21:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Sunbird Service [2010.05.29 15:37:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Thunderbird Service [2010.05.29 15:37:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M] [2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2010.06.12 23:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.06.13 14:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.06.13 22:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX [2010.06.13 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.08.30 11:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions [2010.06.12 23:10:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.08.30 11:43:51 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2011.01.28 14:00:10 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\firetorrent@radicalsoft.com [2012.03.17 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.31 08:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla 
firefox\components\browsercomps.dll [2010.06.13 19:28:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.06.26 22:45:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.28 19:50:46 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.31 08:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.26 22:45:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.26 22:45:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.26 22:45:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.26 22:45:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found. O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB) O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Nero AG) O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found O4 - HKCU..\Run: [Wild Media Server (UPnP, DLNA, HTTP)] C:\Program Files\Wild Media Server\wms.exe (Evgeny Lachinov) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.) 
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet) O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites) O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B23B6D48-271C-43AA-AEDB-F49E63BDCE79}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.31 20:36:50 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.31 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.08.31 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 18:50:46 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.29 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{726BFC50-6E04-43FC-8EF4-AC04F172C1AB}
[2012.08.27 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3A67FCD4-39AD-41B2-9170-52DCB6928241}
[2012.08.23 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEB32763-825B-41F6-9FDB-60C2C8A64684}
[2012.08.22 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDBA9F3C-2037-40B1-82E2-F57AF3097E11}
[2012.08.22 00:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.08.22 00:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.08.21 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{40D3583C-2FA4-486E-9C82-165BC339FE89}
[2012.08.21 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2012.08.20 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.20 01:33:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F11543B5-59CB-4DB6-93A8-3B280E8562A6}
[2012.08.18 02:26:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F57C37CB-0CF2-47FF-AB26-111C539AB080}
[2012.08.15 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3F7DC36E-1BBC-47DB-B748-8710655A8393}
[2012.08.15 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{974E162D-CAC3-4A5D-9707-36002E4547DD}
[2012.08.11 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EB041BD3-EF57-43B6-BC09-5255D9C05D91}
[2012.08.11 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3E574AA1-B3D2-474E-A9D8-D02C13E1E279}
[2012.08.08 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F23488B4-4A23-481E-88C0-0F0CB7455479}
[2012.08.08 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7133A287-EE6E-4CF6-B750-1888C140A9B1}
[2012.08.03 22:22:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16FF14EF-FF29-44FC-8C8C-11E563129080}
[2012.08.03 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C99307C-D624-4F0A-9E39-B6C617BB895A}

========== Files - Modified Within 30 Days ==========

[2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:36:07 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:06 | 000,000,514 | ---- | M] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 20:34:00 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:21:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 20:21:40 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 18:51:56 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:50:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 18:45:03 | 001,008,141 | ---- | M] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 10:42:28 | 000,004,197 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 01:07:59 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.08.22 00:40:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.08.18 02:16:13 | 000,294,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.08.31 20:36:07 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:29 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:35:06 | 000,000,514 | ---- | C] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 18:51:56 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:45:03 | 001,008,141 | ---- | C] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 17:47:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 10:42:28 | 000,004,197 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 00:41:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.22 00:40:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.03.07 22:31:05 | 000,000,087 | ---- | C] () -- C:\Users\User\.iccbutton_history
[2011.04.30 09:19:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.13 21:07:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010.12.12 16:50:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.12 16:20:02 | 000,000,842 | ---- | C] () -- C:\Windows\wms.ini
[2010.12.12 16:19:56 | 000,000,134 | ---- | C] () -- C:\Windows\wmssetup.ini
[2010.12.11 22:54:20 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 02:00:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.13 19:38:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012.08.21 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2011.12.31 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011.02.26 23:26:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BirdieSync
[2010.06.13 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Broad Intelligence
[2010.06.13 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2010.06.13 17:53:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2012.03.25 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2010.11.16 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Engelmann Media
[2010.06.21 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Facebook
[2011.04.02 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2012.08.31 10:42:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010.06.12 22:36:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010.11.20 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MyPhoneExplorer
[2011.01.05 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NASNaviator2
[2010.06.18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.12.22 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Songbird2
[2012.08.08 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2010.10.30 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca
[2010.06.12 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010.06.13 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillian
[2010.06.13 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TrueCrypt
[2010.12.13 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TwonkyMedia
[2012.08.22 17:10:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 31.08.2012 20:39:05 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free
3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS

Computer Name: PABLO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E97173-A0BC-4893-A0DB-C110BDB51D38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0A088FA1-F0FE-4D70-AA61-014240EDEB4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0DBA54ED-FE1C-4867-BCD1-3156E8150E40}" = rport=10243 | protocol=6 | dir=out | app=system |
"{0FF0908D-4DB0-4D9A-BCE7-CAF015890B7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{16A66A85-3450-493B-8909-10D22950B748}" = lport=137 | protocol=17 | dir=in | app=system |
"{1A3A8578-246B-4F27-9EFE-20DC065A475E}" = rport=138 | protocol=17 | dir=out | app=system |
"{23EC4ACC-2940-417F-9F33-57B4F8C27600}" = rport=445 | protocol=6 | dir=out | app=system |
"{2FCC5A55-3E4B-4F94-9E06-DA77F87558D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{39BEE632-19CC-4F4B-93F0-1B493356CDF7}" = lport=138 | protocol=17 | dir=in | app=system |
"{4808CC69-5DC1-4A16-B653-0FD794C643EA}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast |
"{4AD18B6F-1067-423E-8022-334D555E9C04}" = lport=58927 | protocol=6 | dir=in | app=c:\program files\birdiesync\birdiesync.exe |
"{4FE7DE1A-6DC5-4262-B643-A396C26A8D63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{541C7346-08B1-49BB-A6F1-FD28F0876D3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) |
"{55920470-DCAD-461A-939F-636553C05079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5863C073-4C14-4856-8B89-6167B8BD1FDD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6DE6AD38-A096-45F2-80C7-899E7C4945FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{725BE2D3-7800-4778-9034-FC05B7EFC725}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{751F0AAC-7F2E-446B-9E05-F7B837BBB01C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7C34436A-FBE8-49AF-A36C-6E7350FC35F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9F484EED-8D71-41D7-BC11-F5DA51E9E04E}" = lport=445 | protocol=6 | dir=in | app=system |
"{9FD68BDB-BFBA-473E-BBEF-5039029D3089}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5306BFF-AECE-4244-A8E6-1EC79FC2655A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C264E6A4-0E5C-4711-B29F-FD6683553B59}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port |
"{D0164924-42B1-47DE-A3BA-B03D7E826B66}" = rport=137 | protocol=17 | dir=out | app=system |
"{E1B70C69-A1C5-456C-B908-52B3A940E139}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6972866-550E-4B4B-A7BF-7C71ECFC900C}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE25348B-697B-4557-BB94-5D63350597C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA06F76E-E3DA-4BE7-89A5-FA08E530204F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EE6E46-043F-41AC-A1DD-0361921B7B4A}" = protocol=6 | dir=out | app=system |
"{08B2D366-AB6A-4694-B1D9-0E09F4512C27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FE44533-C1D8-4ECB-AC72-CCD73F713E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11F3DE02-29F0-4E03-8600-280C03368687}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) |
"{123BBCF1-35E3-448E-9C84-C3320ABE98A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C32A79E-4039-4EC5-8A1A-297C2D56AF72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E939EFA-DE42-4D74-BDD7-6236A072F662}" = protocol=17 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe |
"{1F67EFFF-3D1E-4B6D-BE3F-C62B95EF8A19}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) |
"{204A7597-3107-4F1C-8841-EA2A0A06B762}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) |
"{25C50158-D696-4F60-AAD5-89CE22418F30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27A30CE0-F3E0-4F95-B8EF-9FB193915DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29B6C4D4-B771-45BE-A2A9-B2996BE0D060}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3143D394-31AA-420E-81B1-14A4F62EEE48}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{33A5156F-5261-449D-A49A-0F215EA398D7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{435A6677-FFB0-4CC0-94CD-874C6F66416F}" = protocol=6 | dir=in | app=c:\program files\wild media server\wmssvc.exe |
"{4F5773C4-0BF9-4CC9-BDD9-BB1E9634BA88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50BA8279-408C-47AB-A4D5-D7B2DA99A29F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{58E099CC-E703-4DFF-98F8-D92DB704708E}" = dir=in | app=c:\program files\airport\apagent.exe |
"{617C3544-87CD-4E3F-BD86-2D8EC6627930}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{739EFF8E-D4A9-4D58-99C0-A32CAA2EBBA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75FB098D-AA7D-4308-B73E-E13614CF509C}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{768C0B8E-9284-47B5-A7A1-1870CBC2DF61}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7DCEE14A-85B4-4C3B-90B4-7F05EDF60127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8366AD53-D196-42DB-923B-7AD3FCEC9C6C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8658057C-F31E-40A7-A3AB-0C7579C15567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8B7E1013-FC08-4D0B-89FC-77A2E7B14B33}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F2B1193-C67B-4D23-A523-10573DA83E45}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{A0A58A49-1BE4-4853-B749-79DA70C52197}" = protocol=17 | dir=in | app=c:\program files\wild media server\wmssvc.exe |
"{AAC66BD4-ABCF-4B84-AFAC-3BC13569ADF0}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) |
"{AF2C48CF-AE84-42E4-800A-99A9B7652A51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8021C6F-91FC-4F0C-BAAE-49E3803523D2}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"{C13C5AAC-B39C-44A0-8087-2826EDA66E6C}" = protocol=6 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe |
"{C6019447-6887-4829-9DC9-BA1456E263FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CCB9C2F2-C1C4-4663-B417-B07C7EB72F88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D0186CE2-AB20-4F89-9ECF-7F457D853BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D3C86B5E-BE8D-4134-837C-26E44B8B5C56}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D428B849-D3E9-41C8-860D-A34374ED52A9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E47106F0-B0A0-46D6-BA11-F64E2CBCC9EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5479991-440E-4256-B248-5D9E89407593}" = protocol=58 | dir=in | app=system |
"{E78647F8-A558-4DA6-A737-236CDFDD559E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EF180C8B-C4EA-4E41-9CF7-37C0A4A4D202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F31D5BBD-6D02-487B-AB0D-A21F0D0868A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3B6C378-9D54-4A61-9280-C5F6972909C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FDA6B45B-5D38-45E8-99EB-61A998510BC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{01B122F7-FA93-4FB7-B770-0D7F768E1788}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{4E27FA99-29DA-4B81-A556-87C12FBBCE4D}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"TCP Query User{5A96CF40-0017-4DD9-B141-1BDA5564A163}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe |
"TCP Query User{6A32E334-9D30-4866-9D19-DEBB9B890F02}C:\program files\wild media server\wms.exe" = protocol=6 | dir=in | app=c:\program files\wild media server\wms.exe |
"TCP Query User{6D2D5BB7-38FE-4F2B-BFEA-46CC7A8B1D5B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7AEDABDC-96CC-4B7C-8A85-A17B3EC72DAB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7F8D8539-2290-47FE-A238-449474628ED3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{96600BB4-338F-4B0A-A7EC-0E7097C48AD5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{BB6446DC-F8BF-4D13-8C14-2D4392C8D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{CE36C443-E082-4010-8E26-392545F198ED}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{D862314A-7E33-4211-923A-49FBA224094D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{E90DE87D-05CE-412C-A009-51B79B0660BE}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
"TCP Query User{EDCCA20D-3076-485C-8547-6FCF5FD89103}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"TCP Query User{EFF4E918-191B-4B03-88BE-D5B8AE41405B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F97E0D76-106C-46A9-8FA0-F6E6FE3D18C2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{21F73122-5E64-4B84-8FF6-D0E68D3E2ED9}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{294C7104-D66C-467B-9606-0C816BFE6A3D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{2ACD5E1E-601B-4836-B54F-F93DEEFD6ED5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{5C8B3D5C-D938-49FC-97A9-3419E8B36A7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7E39F8A6-2197-49B4-B715-26431147C0B0}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |
"UDP Query User{8D02706B-96F3-45F8-9AEF-4CC39AF4F98D}C:\program files\wild media server\wms.exe" = protocol=17 | dir=in | app=c:\program files\wild media server\wms.exe |
"UDP Query User{933CFB2B-00F6-4963-A667-4A4FE06AE524}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{970F7085-441E-4A61-AAD7-32F40BBF0C5E}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe |
"UDP Query User{9AFC37C1-F4A5-4574-998A-F1B29778BBB5}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{B67F9D20-4D04-47EC-A3ED-F532A62A7442}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C2186A56-A50E-4E5F-895C-72C9CF2706DD}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"UDP Query User{C466B5AD-4011-445C-B041-37C31DAC98DE}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe |
"UDP Query User{E8FDE45D-15F5-4CF4-8ECA-BC02C6B80CC6}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E9733189-7062-479C-94C2-88308DE1A3A6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F17CE722-BD29-4CAE-B598-0F255C2D0B9F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"8781-9705-0578-2960" = MedienManager 1.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BirdieSync" = BirdieSync 2.2.0.1
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Foxit Reader" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1206
"GPS Photo Tagger" = GPS Photo Tagger V1.2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaCoder" = MediaCoder 0.7.3.4677
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NovaBACKUP" = NovaBACKUP
"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"UN060501" = BUFFALO NAS Navigator2
"UN070209" = Uninstall of File Security Tool
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WMS" = Wild Media Server (UPnP, DLNA, HTTP)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 09.05.2012 13:43:12 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 09.05.2012 13:43:24 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 10.05.2012 11:32:34 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 10.05.2012 11:33:53 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description =

Error - 10.05.2012 13:17:58 | Computer Name = Pablo | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\NovaStor\NovaStor NovaBACKUP\x64\ExchangeDelegate.exe". Dependent Assembly "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 10.05.2012 13:35:01 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0 Description = Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0 Description = Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0 Description = [ System Events ] Error - 31.08.2012 14:07:01 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:16:15 | 
Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-01 00:08:28
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: pc70uyhh.exe; Driver: C:\Users\User\AppData\Local\Temp\ugldapod.sys

---- System - GMER 1.0.15 ----

SSDT  8E3B0906  ZwCreateSection
SSDT  8E3B0910  ZwRequestWaitReplyPort
SSDT  8E3B090B  ZwSetContextThread
SSDT  8E3B0915  ZwSetSecurityObject
SSDT  8E3B091A  ZwSystemDebugControl
SSDT  8E3B08A7  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C543C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  82C8DD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7  82C94EAC 4 Bytes  [06, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553  82C95208 4 Bytes  JMP BDD2628F
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597  82C9524C 4 Bytes  [0B, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613  82C952C8 4 Bytes  [15, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667  82C9531C 4 Bytes  [1A, 09, 3B, 8E]
.text  ...
?  System32\drivers\vqcgjrx.sys  Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\drivers\atikmdag.sys  section is writeable [0x8EC18000, 0x227A14, 0xE8000020]
PAGE  spsys.sys!?SPRevision@@3PADA + 4F90  A84BA000 68 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 4FD5  A84BA045 203 Bytes  [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 50A1  A84BA111 17 Bytes  [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 50B3  A84BA123 629 Bytes  [55, 4B, A8, FE, 05, 34, 55, ...]
PAGE  spsys.sys!?SPRevision@@3PADA + 5329  A84BA399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE  ...

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device  \Driver\ACPI_HAL \Device\0000004a  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58  0x6D 0x90 0x99 0x19 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf  0xC9 0x54 0xC4 0x86 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58  0x6D 0x90 0x99 0x19 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf  0xC9 0x54 0xC4 0x86 ...

---- EOF - GMER 1.0.15 ----

I hope you can help me, and many thanks in advance!

Best regards, Rudi
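Added example, not part of Rudi's post and not code from GMER or the forum: a small Python triage script for the "System" and "Kernel code sections" parts of the GMER log above. The sample input is copied from that log. Before deciding whether SSDT hooks belong to a security product or to something hostile, a helper typically checks two things that the script automates: whether all hook addresses sit in one tight address range (one module owns them all), and whether the 4-byte "patches" GMER lists inside ntkrnlpa.exe are simply the same hook addresses in little-endian byte order, which would make them the service table slots themselves rather than separate code modifications. The script also flags the driver entry whose file could not be found on disk and the driver with a writeable code section, since both deserve a second look. Function names and regular expressions are my own.

```python
import re

# Constructed sample: lines copied from the GMER log posted above
# (System section plus the kernel code section lines that matter here).
GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT  8E3B0906  ZwCreateSection
SSDT  8E3B0910  ZwRequestWaitReplyPort
SSDT  8E3B090B  ZwSetContextThread
SSDT  8E3B0915  ZwSetSecurityObject
SSDT  8E3B091A  ZwSystemDebugControl
SSDT  8E3B08A7  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C543C9 1 Byte  [06]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7  82C94EAC 4 Bytes  [06, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553  82C95208 4 Bytes  JMP BDD2628F
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1597  82C9524C 4 Bytes  [0B, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1613  82C952C8 4 Bytes  [15, 09, 3B, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1667  82C9531C 4 Bytes  [1A, 09, 3B, 8E]
?  System32\drivers\vqcgjrx.sys  Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\drivers\atikmdag.sys  section is writeable [0x8EC18000, 0x227A14, 0xE8000020]
"""

# "SSDT  <hook address>  <Zw function>"
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)", re.M)
# ".text  <symbol + offset>  <address> 4 Bytes  [b0, b1, b2, b3]"
PATCH4_RE = re.compile(
    r"^\.text\s+(\S+ \+ [0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+4 Bytes\s+\[([0-9A-Fa-f ,]+)\]",
    re.M)
# "?  <driver path>  <OS error text> !"  (driver object present, file not found)
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s+!\s*$", re.M)
# ".text  <driver path>  section is writeable [start, size, flags]"
WRITEABLE_RE = re.compile(r"^\.text\s+(\S+)\s+section is writeable \[([^\]]+)\]", re.M)


def parse_ssdt(log: str) -> dict:
    """Map each hooked Zw* function to the address GMER found in its SSDT slot."""
    return {name: int(addr, 16) for addr, name in SSDT_RE.findall(log)}


def hook_cluster(ssdt: dict) -> tuple:
    """Return (lowest, highest, span) of the hook addresses.

    Hooks that all land within a few hundred bytes of each other point into
    one stub table, so one module owns all of them; widely scattered targets
    would mean several hookers and deserve separate attention."""
    addrs = sorted(ssdt.values())
    if not addrs:
        return (0, 0, 0)
    return (addrs[0], addrs[-1], addrs[-1] - addrs[0])


def match_table_entries(log: str, ssdt: dict) -> list:
    """Decode each 4-byte little-endian value GMER reported inside ntkrnlpa.

    Values equal to an SSDT hook address are the service table slots seen
    from the other side, not additional code patches. Returns a list of
    (symbol + offset, address in ntkrnlpa, hooked function)."""
    by_addr = {addr: name for name, addr in ssdt.items()}
    matches = []
    for sym, at, raw in PATCH4_RE.findall(log):
        value = int.from_bytes(bytes.fromhex(raw.replace(",", "").replace(" ", "")), "little")
        if value in by_addr:
            matches.append((sym, int(at, 16), by_addr[value]))
    return matches


def flag_anomalies(log: str) -> list:
    """Collect the lines a helper would want explained before closing the case."""
    flags = []
    for path, msg in MISSING_RE.findall(log):
        flags.append(f"driver object without file on disk: {path} ({msg})")
    for path, rng in WRITEABLE_RE.findall(log):
        flags.append(f"writeable code section: {path} [{rng}]")
    return flags


def triage(log: str) -> dict:
    """One-shot summary of the hook picture in a GMER log."""
    ssdt = parse_ssdt(log)
    return {
        "hooked_functions": sorted(ssdt),
        "hook_range": hook_cluster(ssdt),
        "table_matches": match_table_entries(log, ssdt),
        "flags": flag_anomalies(log),
    }


if __name__ == "__main__":
    report = triage(GMER_LOG)
    lo, hi, span = report["hook_range"]
    print(f"{len(report['hooked_functions'])} SSDT hooks in {lo:08X}..{hi:08X} (span {span} bytes)")
    for sym, at, func in report["table_matches"]:
        print(f"  {sym} @ {at:08X} holds the {func} hook address")
    for line in report["flags"]:
        print("  !", line)
```

On the log above the six hooks span 0x73 bytes, and four of the five 4-byte entries GMER lists near KeRemoveQueueEx decode to the ZwCreateSection, ZwSetContextThread, ZwSetSecurityObject and ZwSystemDebugControl hook addresses. The script does not say which driver owns that range; identifying the loaded driver whose image covers it is the next step, and the two flagged lines (the missing vqcgjrx.sys and the writeable atikmdag.sys section) are the items a helper would ask about.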