Log analysis and evaluation: Bundespolizei virus / Riskware.InstallMonetizer in C:\Users\...\Temporary Internet Files\Content.IE5\2JL0E (Windows 7)
15.11.2012, 21:58 | #1
Bundespolizei virus / Riskware.InstallMonetizer in C:\Users\...\Temporary Internet Files\Content.IE5\2JL0E

Hello, today I got the lock screen of the Bundespolizei virus. I rebooted into safe mode and ran System Restore. Then I ran a scan with Malwarebytes, which found an infected object, the above-mentioned "Riskware.InstallMonetizer", in the file "C:\Users\Jimmy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JL0ENF7\SplitCam_5414[1].exe". Whether that is the Bundespolizei virus, I don't know. In any case it was moved to quarantine. What is strange is that one day earlier Windows Update had downloaded and automatically installed 18 files, even though I had set it back then so that I start the installation manually (whether that is related to the virus, I don't know). I followed your "defogger" instructions (no error messages). Then I ran OTL, followed by GMER. Is my notebook now clean thanks to Malwarebytes? Or do I still have to do something?

OTL.txt (OTL logfile):
Code:
ATTFilter OTL logfile created on: 15.11.2012 21:13:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free 5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,24 Gb Total Space | 43,55 Gb Free Space | 36,52% Space Free | Partition Type: NTFS Drive D: | 142,18 Gb Total Space | 82,51 Gb Free Space | 58,03% Space Free | Partition Type: NTFS Drive E: | 142,16 Gb Total Space | 35,06 Gb Free Space | 24,66% Space Free | Partition Type: NTFS Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.15 21:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe PRC - [2012.11.15 20:55:49 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 14:54:07 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 14:53:59 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.02 18:34:41 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe PRC - [2012.10.02 18:08:48 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.10 15:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.09.05 03:04:08 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 16:57:34 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.08.29 13:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.08.27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2012.07.17 13:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) 
-- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.06.04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- d:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.exe MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Programme\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV - [2012.10.30 14:54:07 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 14:53:59 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.17 13:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.04.30 01:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) 
[Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService) SRV - [2009.02.26 17:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - [2012.11.15 20:56:02 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.11.15 20:56:02 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.15 20:56:01 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.10.11 04:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam) DRV - [2012.10.11 04:08:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple) DRV - [2012.10.02 20:06:40 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012.08.30 20:13:00 | 010,790,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.11.30 16:00:00 | 000,144,640 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1104.sys -- (RDID1104) DRV - [2009.09.15 18:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) DRV - [2009.07.21 06:13:24 | 000,005,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim) DRV - [2009.07.21 06:13:22 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.04 15:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.05.14 07:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) DRV - [2009.04.30 01:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D FA DF 2E C1 A0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {7DF7069B-5CF8-4802-A4F9-48F78280ABA6} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7DF7069B-5CF8-4802-A4F9-48F78280ABA6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 202.23.159.51:3127 ========== FireFox ========== FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jimmy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42B6D12D-5900-492C-9440-7CC5A6C661EB}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8358E747-9961-4E43-8F47-A1C4F1C61DF1}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} 
- No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{70f04e2c-0cc4-11e2-b2ba-003091400023}\Shell - "" = AutoRun O33 - MountPoints2\{70f04e2c-0cc4-11e2-b2ba-003091400023}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{70f04e2c-0cc4-11e2-b2ba-003091400023}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{70f04e2c-0cc4-11e2-b2ba-003091400023}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.15 21:10:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012.11.15 16:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.15 16:22:27 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.15 16:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.15 15:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ddzzvlvgsqdvquj [2012.11.14 22:49:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.10 17:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam [2012.11.10 17:57:35 | 000,000,000 | 
---D | C] -- C:\Users\Jimmy\AppData\Roaming\ManyCam [2012.11.10 17:57:35 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\ManyCam [2012.11.10 17:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam [2012.11.09 19:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2012.11.09 19:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2012.11.06 20:46:56 | 058,752,061 | ---- | C] (Avanquest Software ) -- C:\Users\Jimmy\Desktop\PDFExperte8Ultimate.exe [2012.10.28 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\My Palettes [2012.10.28 16:09:10 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Corel [2012.10.28 16:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.10.28 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Corel [2012.10.28 16:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis [2012.10.28 16:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012.10.28 16:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 [2012.10.28 16:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X5 [2012.10.27 18:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock [2012.10.27 18:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock [2012.10.27 16:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\.thumbnails [2012.10.27 16:17:25 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\fontconfig [2012.10.27 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\gegl-0.2 [2012.10.27 16:17:24 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\.gimp-2.8 [2012.10.27 12:04:53 | 000,000,000 | -H-D | C] -- C:\Users\Jimmy\Documents\Freemake_do_not_remove_this_folder634869398930380691 [2012.10.26 21:56:21 | 000,000,000 | ---D | C] -- 
C:\Users\Jimmy\AppData\Roaming\NVIDIA [2012.10.26 21:55:52 | 000,000,000 | -H-D | C] -- C:\Users\Jimmy\Documents\Freemake_do_not_remove_this_folder634868889524665827 [2012.10.26 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012.10.26 21:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2012.10.22 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Roaming\Avira [2012.10.22 17:15:01 | 000,000,000 | -H-D | C] -- C:\Users\Jimmy\Documents\Freemake_do_not_remove_this_folder634865265011295873 [2012.10.22 17:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.22 17:12:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.22 17:12:50 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.22 17:12:50 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.22 17:12:50 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.22 17:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.22 17:12:50 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2012.11.15 21:15:50 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 21:15:50 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 21:15:50 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 21:15:50 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 21:11:38 | 000,302,592 | ---- | M] () -- C:\Users\Jimmy\Desktop\56zndlx9.exe [2012.11.15 21:10:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe [2012.11.15 21:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.15 21:09:14 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 21:07:38 | 000,013,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 21:07:38 | 000,013,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.15 21:07:37 | 000,000,204 | ---- | M] () -- C:\Users\Jimmy\defogger_reenable [2012.11.15 21:06:46 | 000,050,477 | ---- | M] () -- C:\Users\Jimmy\Desktop\Defogger.exe [2012.11.15 20:56:02 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.15 20:56:02 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 20:56:01 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.15 15:53:51 | 000,076,349 | ---- | M] () -- C:\ProgramData\atdagutdujochvn [2012.11.07 14:55:19 | 000,001,057 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.11.06 20:49:59 | 058,752,061 | ---- | M] (Avanquest Software ) -- C:\Users\Jimmy\Desktop\PDFExperte8Ultimate.exe [2012.10.30 20:26:36 | 000,156,660 | ---- | M] () -- C:\Users\Jimmy\Documents\FRITZ.Box Fon WLAN 7270 v3 (O2) 74.04.88_30.10.12_2026.export [2012.10.30 19:19:22 | 000,031,911 | ---- | M] () -- C:\Users\Jimmy\Documents\HP OfficeJet Registrierung.pdf [2012.10.30 18:00:39 | 000,153,196 | ---- | M] () -- C:\Users\Jimmy\Desktop\fritz5.jpg [2012.10.30 17:59:52 | 000,204,913 | ---- | M] () -- C:\Users\Jimmy\Desktop\fritz4.jpg [2012.10.30 17:58:34 | 000,151,129 | ---- | M] () -- C:\Users\Jimmy\Desktop\fritz3.jpg [2012.10.30 17:57:37 | 000,150,758 | ---- | M] () -- C:\Users\Jimmy\Desktop\fritz2.jpg [2012.10.30 17:56:14 | 000,178,532 | ---- | M] () -- C:\Users\Jimmy\Desktop\fritz1.jpg [2012.10.30 17:54:54 | 000,201,597 | ---- | M] () -- C:\Users\Jimmy\Documents\FRITZ.Box Fon WLAN 7270 v3 (O2) 74.04.88_30.10.12_1754.export [2012.10.28 16:58:55 | 000,014,740 | ---- | M] () -- C:\Users\Jimmy\Documents\cc_20121028_165851.reg [2012.10.28 16:17:03 | 000,427,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.27 16:26:27 | 000,002,139 | ---- | M] () -- C:\Users\Jimmy\AppData\Local\recently-used.xbel [2012.10.19 08:27:24 | 000,851,836 | ---- | M] () -- C:\Users\Jimmy\Documents\beschwerde t-mobile iphone 5.pdf [2012.10.18 19:39:59 | 001,817,413 | ---- | M] () -- C:\Users\Jimmy\Documents\anzeige diebstahl iphone 5.pdf [2012.10.18 18:16:11 | 000,219,769 | ---- | M] () -- C:\Users\Jimmy\Documents\dhl2.pdf [2012.10.18 18:14:43 | 000,290,514 | ---- | M] () -- C:\Users\Jimmy\Documents\dhl1.pdf ========== Files Created - No Company Name ========== [2012.11.15 21:11:38 | 000,302,592 | ---- | C] 
() -- C:\Users\Jimmy\Desktop\56zndlx9.exe [2012.11.15 21:07:18 | 000,000,204 | ---- | C] () -- C:\Users\Jimmy\defogger_reenable [2012.11.15 21:06:46 | 000,050,477 | ---- | C] () -- C:\Users\Jimmy\Desktop\Defogger.exe [2012.11.15 18:26:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.11.15 15:53:48 | 000,076,349 | ---- | C] () -- C:\ProgramData\atdagutdujochvn [2012.11.09 19:45:56 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.11.09 19:45:56 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.11.09 19:45:56 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.11.09 19:45:52 | 000,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx [2012.11.07 14:55:19 | 000,001,057 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.10.30 20:26:36 | 000,156,660 | ---- | C] () -- C:\Users\Jimmy\Documents\FRITZ.Box Fon WLAN 7270 v3 (O2) 74.04.88_30.10.12_2026.export [2012.10.30 19:19:18 | 000,031,911 | ---- | C] () -- C:\Users\Jimmy\Documents\HP OfficeJet Registrierung.pdf [2012.10.30 18:00:32 | 000,153,196 | ---- | C] () -- C:\Users\Jimmy\Desktop\fritz5.jpg [2012.10.30 17:59:50 | 000,204,913 | ---- | C] () -- C:\Users\Jimmy\Desktop\fritz4.jpg [2012.10.30 17:58:32 | 000,151,129 | ---- | C] () -- C:\Users\Jimmy\Desktop\fritz3.jpg [2012.10.30 17:57:35 | 000,150,758 | ---- | C] () -- C:\Users\Jimmy\Desktop\fritz2.jpg [2012.10.30 17:56:11 | 000,178,532 | ---- | C] () -- C:\Users\Jimmy\Desktop\fritz1.jpg [2012.10.30 17:54:54 | 000,201,597 | ---- | C] () -- C:\Users\Jimmy\Documents\FRITZ.Box Fon WLAN 7270 v3 (O2) 74.04.88_30.10.12_1754.export [2012.10.28 16:58:53 | 000,014,740 | ---- | C] () -- C:\Users\Jimmy\Documents\cc_20121028_165851.reg [2012.10.27 16:26:27 | 000,002,139 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\recently-used.xbel [2012.10.19 08:27:23 | 000,851,836 | ---- | C] () -- C:\Users\Jimmy\Documents\beschwerde 
t-mobile iphone 5.pdf [2012.10.18 19:39:57 | 001,817,413 | ---- | C] () -- C:\Users\Jimmy\Documents\anzeige diebstahl iphone 5.pdf [2012.10.18 18:16:11 | 000,219,769 | ---- | C] () -- C:\Users\Jimmy\Documents\dhl2.pdf [2012.10.18 18:14:43 | 000,290,514 | ---- | C] () -- C:\Users\Jimmy\Documents\dhl1.pdf [2012.10.14 09:11:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.10.14 09:11:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.10.06 19:15:08 | 000,003,584 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.06 18:39:56 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RdCi1104.dll [2012.10.03 08:49:11 | 000,189,796 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2012.10.03 08:49:11 | 000,001,112 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2012.10.03 08:49:11 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2012.10.03 08:49:11 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2012.10.03 08:49:11 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2012.10.03 08:49:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2012.10.02 20:59:36 | 000,021,916 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.10.02 19:03:12 | 000,000,017 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.07 16:26:46 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Audacity
[2012.10.28 16:01:19 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\BitTorrent
[2012.10.06 18:46:36 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Cakewalk
[2012.11.15 21:09:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Dropbox
[2012.10.13 06:55:00 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DVDVideoSoft
[2012.10.13 06:54:55 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.10.24 14:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla
[2012.10.14 09:11:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FreePDF
[2012.11.10 17:57:47 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ManyCam
[2012.10.14 10:32:33 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\OpenCandy
[2012.10.03 09:35:24 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\pdfforge
[2012.10.02 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\WindSolutions

========== Purity Check ==========

< End of report >

_________________________________________________________________

Extras.txt (from OTL): OTL Logfile: Code:
OTL Extras logfile created on: 15.11.2012 21:13:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jimmy\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,79% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 43,55 Gb Free Space | 36,52% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 82,51 Gb Free Space | 58,03% Space Free | Partition Type: NTFS
Drive E: | 142,16 Gb Total Space | 35,06 Gb Free Space | 24,66% Space Free | Partition Type: NTFS

Computer Name: JIMMY-PC | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22CD36F8-A34D-44B4-AA42-96350E9EB8D7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{23DCF2F8-97B0-4911-9559-5B42417F6EFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{2F2375DD-EFE0-42B1-9106-7571B2D7C2E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{300C93F0-75C9-494D-A81C-4D7DA31B7203}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{44B4A7BC-AA9C-4867-8BFC-21ECDD0FEB56}" = rport=445 | protocol=6 | dir=out | app=system |
"{4BDAECB4-9550-423F-9B99-A3508AE75D14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65A147EF-0116-40BB-A0A5-62B669DEF3A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A33CE5E-146F-4548-8AFD-5DC8457ABAD2}" = lport=138 | protocol=17 | dir=in | app=system |
"{7BC87CEE-D986-4993-950A-B276BFEBC232}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8D207D57-CD89-4A77-B1AF-F135CB47F0C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8F4D11D0-FF69-42A9-8FB0-226644EDF8C2}" = rport=137 | protocol=17 | dir=out | app=system |
"{905498B3-AEDB-442C-A84C-EBE9376281A1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{941B37DC-4CBC-4C9F-825F-55C3D2349FBA}" = rport=138 | protocol=17 | dir=out | app=system |
"{9DF2B32E-B17C-4E71-B265-17F2A31EB9DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A13E8EB1-04DB-4E12-AC19-69A0E9726BC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3242A54-9208-4FBF-B836-9C83A4F97CDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AC521BB4-1ABC-48E1-AB3C-BD172EE19E40}" = lport=139 | protocol=6 | dir=in | app=system |
"{B35920B6-E3ED-462F-9529-63E69D4082E2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC7B82E4-B4A0-41D8-BBC2-985005218BFE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D7E5DFD7-7270-4927-BA70-6964107E18D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB191048-601C-4EFE-B81A-098DF02AE43B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DE027731-1C67-4D9F-B4AF-6F7A818A62D5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E222F896-4A20-49F9-9685-4033BE543E5C}" = rport=139 | protocol=6 | dir=out | app=system |
"{F129DB16-9C32-46D6-A9B6-E42B2D8B690A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EC53FF-7091-4161-955D-1CF74642FD6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{05142161-F90F-45E7-904F-475CF66373CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0568B093-34C3-4FEA-9CD8-656948AF12E8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{08150577-FA22-4A00-ABB7-2C993FA7C936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CB4DFE1-FD6D-4AD1-8A9F-A02C99C2261A}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\programs\dim.exe |
"{234C4760-8615-415D-B795-E2E01748F807}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{2774519B-D453-4B5B-8FBE-66E71501DD2F}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
"{3BCEF3EB-07B7-40A7-B8E5-B9CBF5CF2F1E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C4AF0B2-2E3E-4EB8-A1D9-AEF688698941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3DE8A9B5-DE87-416D-9068-507F8462FBCE}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\programs\cdrconv.exe |
"{3E80F7F5-961D-48B9-9823-EBC7F1A63D4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{473302E8-CC46-4331-B887-20BAD4D45756}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49607488-EF13-4E32-8679-B6C9F3FA5094}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51BC5B19-CE32-476E-99D0-02A087EC8270}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{57F98BF6-CB01-471C-831C-82F6AAFBA7BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{5BC4B516-CC33-46C7-82A9-89D3CC194C8F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{609B8BDF-F43D-4827-8357-D3D0EED6460B}" = protocol=6 | dir=out | app=system |
"{62F53FFB-5805-409A-B8D3-5402B6049F60}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{67C448EA-F6FD-48E2-B591-BF2E242DBF49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{686E4DC8-3F5B-4D0B-8A2C-E5EB54AFC7AC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{6D09EA49-EC31-49C1-B6CE-A050FA2ACC53}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\connect\connect.exe |
"{70BD979B-50E2-4614-9532-72AA0202C07E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{779BF6A2-040B-404C-A7D6-4F36FE8F45BD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D7C7F01-9626-41F0-9D87-0AA501B6DF44}" = protocol=6 | dir=in | app=d:\program files\bittorrent\bittorrent.exe |
"{9141F5D1-9403-4152-929C-F9C6D6340B83}" = protocol=17 | dir=in | app=d:\program files\bittorrent\bittorrent.exe |
"{95CA1332-62BE-4016-BCD7-579271507C4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8E53E8C-D9D7-4E4D-88A6-2A58EE870DBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ACCCC9B7-95CA-4E62-A51A-4B2CA2480140}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\programs\barcode.exe |
"{B8C67065-F562-415A-80A1-E4884895D309}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B9F56F1B-8A09-46B4-8D51-6DF344346BD6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BA8E5E95-E01A-4A3D-A5FF-D1788268D4B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5C27709-F968-4905-8690-269C6B61AFCB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBB0D257-FF10-4F00-86C9-BC58FF4D8269}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\programs\coreldrw.exe |
"{D06B7150-924D-4AA5-AEE3-66FDBAA166F9}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{D0B9FCAA-8030-4366-9287-702F33C1A0C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D6A229A9-30B8-4134-BF9D-BD4255AA8365}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{D75B3E7F-9E4A-4E8C-8273-8F607428CE93}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
"{D9464B73-CA3F-45CD-AC47-EB1CED798576}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E5E572CA-A9F5-4FC3-849D-26ACD4BA7C7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC747821-7E66-4FBB-BE5D-219A4B9FE0F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F390FFAF-DCB9-447F-8613-D4DF08BBDB55}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA0B1DE5-F5C7-471F-998B-3F635990E350}" = dir=out | app=d:\program files\corel\coreldraw graphics suite x5\programs\corelpp.exe |
"{FD3EACBB-3BAD-4A37-A907-4FD230F8F1D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{B7B941A7-563E-47E0-ABEB-EBE2FA50D4F3}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"TCP Query User{FAEAAF4D-961B-4A36-A637-8FDE4B76C391}C:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{595CA507-4144-445A-B9D0-2F16960067B2}C:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{89022973-F3F6-4865-AEDC-80035E3E6C70}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.5.3
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 3.1.38.1005
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.1.2
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"ManyCam" = ManyCam 3.0.92 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RocketDock_is1" = RocketDock 1.3.5
"SONAR85LE_is1" = SONAR LE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.11.2012 10:55:21 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3541

Error - 15.11.2012 10:55:22 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.11.2012 10:55:22 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4664

Error - 15.11.2012 10:55:22 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4664

Error - 15.11.2012 10:55:23 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.11.2012 10:55:23 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5663

Error - 15.11.2012 10:55:23 | Computer Name = Jimmy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5663

Error - 15.11.2012 11:16:03 | Computer Name = Jimmy-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

Error - 15.11.2012 13:23:20 | Computer Name = Jimmy-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

Error - 15.11.2012 14:15:26 | Computer Name = Jimmy-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35

[ System Events ]
Error - 15.11.2012 11:07:46 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.11.2012 11:07:46 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.11.2012 11:07:46 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.11.2012 11:07:46 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.11.2012 11:07:46 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 15.11.2012 11:13:50 | Computer Name = Jimmy-PC | Source = DCOM | ID = 10005
Description =

Error - 15.11.2012 11:14:22 | Computer Name = Jimmy-PC | Source = DCOM | ID = 10010
Description =

Error - 15.11.2012 11:16:03 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error - 15.11.2012 13:23:20 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error - 15.11.2012 14:15:26 | Computer Name = Jimmy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

< End of report >

_________________________________________________________________

Gmer.txt GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-15 21:33:50
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0
Running: 56zndlx9.exe; Driver: C:\Users\Jimmy\AppData\Local\Temp\fwtoypoc.sys


---- System - GMER 1.0.15 ----

SSDT 90820556 ZwCreateSection
SSDT 90820560 ZwRequestWaitReplyPort
SSDT 9082055B ZwSetContextThread
SSDT 90820565 ZwSetSecurityObject
SSDT 9082056A ZwSystemDebugControl
SSDT 908204F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C5CA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C964D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9D62C 4 Bytes [56, 05, 82, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C9D988 4 Bytes JMP 82056082
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9D9CC 4 Bytes [5B, 05, 82, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C9DA48 4 Bytes [65, 05, 82, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C9DA9C 4 Bytes [6A, 05, 82, 90]
.text ...
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3072] kernel32.dll!CreateThread 7746DCC2 5 Bytes JMP 67F375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!EnableWindow 77508D02 5 Bytes JMP 67F79EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!GetAsyncKeyState 7750A256 5 Bytes JMP 67F1DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CallNextHookEx 7750ABE1 5 Bytes JMP 67F97FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!UnhookWindowsHookEx 7750ADF9 5 Bytes JMP 67FBED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DefWindowProcA 7750BB1C 7 Bytes JMP 67F3980D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateWindowExA 7750BF40 5 Bytes JMP 67F43643 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!SetWindowsHookExW 7750E30C 5 Bytes JMP 67F725B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateWindowExW 7750EC7C 5 Bytes JMP 67FA03CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!GetKeyState 77512B4D 5 Bytes JMP 67F1DDA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!IsDialogMessageW 77514104 5 Bytes JMP 680C9AF2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DefWindowProcW 7751507D 7 Bytes JMP 67F98042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateDialogParamA 77521F42 5 Bytes JMP 680C9360 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!IsDialogMessage 77522019 5 Bytes JMP 680C9ACA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamW 77523B9B 5 Bytes JMP 67ED1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateDialogIndirectParamA 7752721D 5 Bytes JMP 680C93D0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateDialogIndirectParamW 7752EA10 5 Bytes JMP 680C9408 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamW 77533B7F 5 Bytes JMP 680C902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!EndDialog 77533BA3 5 Bytes JMP 680C9D9E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!CreateDialogParamW 77535630 5 Bytes JMP 680C9398 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!SetKeyboardState 7753695A 5 Bytes JMP 680CA3E5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!SendInput 77537019 5 Bytes JMP 680CA38D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!SetCursorPos 7754C1B0 5 Bytes JMP 680CA466 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxParamA 7754CF42 5 Bytes JMP 680C8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!DialogBoxIndirectParamA 7754D274 5 Bytes JMP 680C9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectA 7755E869 5 Bytes JMP 680C8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxIndirectW 7755E963 5 Bytes JMP 680C8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxExA 7755E9C9 5 Bytes JMP 680C8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!MessageBoxExW 7755E9ED 5 Bytes JMP 680C8E0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!keybd_event 7755EC3B 5 Bytes JMP 680CA34A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] SHELL32.dll!RealDriveType + 173D 7686FE30 4 Bytes [CF, 01, E7, 67]
.text C:\Program Files\Internet Explorer\iexplore.exe[3072] SHELL32.dll!RealDriveType + 
1745 7686FE38 8 Bytes [E0, 61, E6, 67, 79, F7, E6, ...] {LOOPNZ 0x63; OUT 0x67, AL; JNS 0xfffffffffffffffd; OUT 0x67, AL} .text C:\Program Files\Internet Explorer\iexplore.exe[3072] ole32.dll!OleLoadFromStream 77686143 5 Bytes JMP 680C97FC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!EnableWindow 77508D02 5 Bytes JMP 67F79EBC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!DialogBoxParamW 77523B9B 5 Bytes JMP 67ED1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!DialogBoxIndirectParamW 77533B7F 5 Bytes JMP 680C902E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!DialogBoxParamA 7754CF42 5 Bytes JMP 680C8FC9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!DialogBoxIndirectParamA 7754D274 5 Bytes JMP 680C9093 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!MessageBoxIndirectA 7755E869 5 Bytes JMP 680C8F50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!MessageBoxIndirectW 7755E963 5 Bytes JMP 680C8ED7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!MessageBoxExA 7755E9C9 5 Bytes JMP 680C8E73 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3892] USER32.dll!MessageBoxExW 7755E9ED 5 Bytes JMP 680C8E0F C:\Windows\system32\IEFRAME.dll 
(Internet Browser/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000084 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000086 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400023 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\003091400023@002248da1ee6 0x9F 0x2E 0x6B 0x31 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 d:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x1D 0x2B 0xF8 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x48 0x02 0x25 0x90 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x47 0x46 0x2C 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400023 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\003091400023@002248da1ee6 0x9F 0x2E 0x6B 0x31 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 d:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x29 0x1D 0x2B 0xF8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x48 0x02 0x25 0x90 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x47 0x46 0x2C 0xF1 ... ---- EOF - GMER 1.0.15 ---- Ich danke für Euer Forum und Eure Mühe!!! |
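Triage of the GMER "User code sections" listing above, as an added example that is not part of the original post or of GMER's own tooling. Every JMP in that listing lands in C:\Windows\system32\IEFRAME.dll, Internet Explorer's own frame library hooking USER32 inside its own iexplore.exe processes; GMER reports these routinely and they are not by themselves evidence of compromise. What an analyst wants is a mechanical way to separate such expected hooks from ones that point somewhere unexpected. The script parses the GMER line format, decodes raw-byte patches (the two SHELL32.dll!RealDriveType entries) as little-endian pointers, and classifies each hook against a per-process allowlist of modules. The allowlist, the IEFRAME.dll address range and the Temp\unknown.dll line are constructed for this example; the other sample lines are copied from the log above.

```python
"""Classify GMER user-mode hook lines (added example; not GMER code)."""
import re

# Grammar of one GMER 1.0.15 'User code sections' line on 32-bit Windows:
#   .text <process>[<pid>] <mod>!<sym>[ + <hexoff>] <addr> <n> Bytes JMP <target> <path> (<desc>)
#   .text <process>[<pid>] <mod>!<sym>[ + <hexoff>] <addr> <n> Bytes [<hex>, <hex>, ...] {<disasm>}
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<symbol>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})\s+(?P<target_path>.+?)\s+\((?P<desc>[^)]*)\)"
    r"|\[(?P<raw>[^\]]*)\].*)$"
)

# Lines 1-3 are taken from the GMER log in the post above. Line 4 is CONSTRUCTED
# for this example (not from the log) to show what a hook into an unexpected
# module would look like.
SAMPLE_LINES = [
    r".text C:\Program Files\Internet Explorer\iexplore.exe[3072] kernel32.dll!CreateThread 7746DCC2 5 Bytes JMP 67F375E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!GetAsyncKeyState 7750A256 5 Bytes JMP 67F1DECD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[3072] SHELL32.dll!RealDriveType + 173D 7686FE30 4 Bytes [CF, 01, E7, 67]",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[3072] USER32.dll!SetWindowsHookExW 7750E30C 5 Bytes JMP 10001A20 C:\Users\example\AppData\Local\Temp\unknown.dll (constructed example)",
]

# Assumed allowlist: modules that legitimately hook APIs inside this process.
EXPECTED_MODULES = {"iexplore.exe": {r"c:\windows\system32\ieframe.dll"}}
# Assumed address range for IEFRAME.dll in the 3072 process. GMER does not print
# module ranges; on a live system take them from the process's module list.
MODULE_RANGES = {r"c:\windows\system32\ieframe.dll": (0x67E50000, 0x68200000)}


def decode_raw_dwords(raw):
    """Little-endian dwords from GMER's '[CF, 01, E7, 67, ...]' byte list.
    Patched bytes that are not a JMP are often overwritten pointers, so
    reading them as addresses lets the analyst test them against module
    ranges. Incomplete trailing groups (GMER truncates with '...') are dropped."""
    byte_values = [int(t, 16) for t in (x.strip() for x in raw.split(","))
                   if re.fullmatch(r"[0-9A-Fa-f]{2}", t)]
    return [int.from_bytes(bytes(byte_values[i:i + 4]), "little")
            for i in range(0, len(byte_values) - 3, 4)]


def parse_hook(line):
    """Return a dict describing one hook line, or None for non-hook lines."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    symbol = f'{d["module"]}!{d["symbol"]}' + (f'+0x{d["offset"]}' if d["offset"] else "")
    return {
        "process": d["process"].rsplit("\\", 1)[-1].lower(),
        "pid": int(d["pid"]),
        "symbol": symbol,
        "address": int(d["address"], 16),
        "nbytes": int(d["nbytes"]),
        "target": int(d["target"], 16) if d["target"] else None,
        "target_path": d["target_path"].lower() if d["target_path"] else None,
        "raw": decode_raw_dwords(d["raw"]) if d["raw"] is not None else [],
    }


def _in_expected_range(ptr, allowed, module_ranges):
    return any(lo <= ptr < hi for path, (lo, hi) in module_ranges.items() if path in allowed)


def classify(hook, expected_modules, module_ranges=None):
    """'expected' if the hook resolves into an allowlisted module for this
    process, 'review' if it resolves elsewhere, 'unresolved' if GMER only
    showed raw bytes and no module range confirms where they point."""
    allowed = expected_modules.get(hook["process"], set())
    if hook["target_path"] is not None:
        return "expected" if hook["target_path"] in allowed else "review"
    if hook["raw"] and module_ranges and all(
            _in_expected_range(p, allowed, module_ranges) for p in hook["raw"]):
        return "expected"
    return "unresolved"


def triage(lines, expected_modules, module_ranges=None):
    """Parse and classify every hook line; non-hook lines are skipped."""
    results = []
    for line in lines:
        hook = parse_hook(line)
        if hook is not None:
            hook["verdict"] = classify(hook, expected_modules, module_ranges)
            results.append(hook)
    return results


if __name__ == "__main__":
    for h in triage(SAMPLE_LINES, EXPECTED_MODULES, MODULE_RANGES):
        where = (f"{h['target']:08X} {h['target_path']}" if h["target"] is not None
                 else "raw pointers " + " ".join(f"{p:08X}" for p in h["raw"]))
        print(f"{h['verdict']:10} {h['process']}[{h['pid']}] {h['symbol']} -> {where}")
```

Run against a full GMER log by passing its lines to `triage()`; anything classified as "review" or "unresolved" is what to look at by hand, starting with the target module's path and signature. The same idea applies to the kernel-side sections (SSDT, IRP hooks) with a driver allowlist instead of a DLL allowlist.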
17.11.2012, 00:30 | #2 |
/// Helper Team | Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Then:
Step 2: Please download AdwCleaner to your desktop. |
17.11.2012, 10:38 | #3 |
| Good morning t'john,
I followed the steps above (no detections were shown here). After I posted here, I also installed Spybot (sorry, I later read that one should not install anything else after the scans). In any case, Spybot flagged the trojan during its scan, but I have not done anything yet because I wanted to wait for your instructions first (so no deletion and no quarantine). The logs are attached. Thanks in advance for your help! Attachment 46455 Attachment 46456 Attachment 46457 |
17.11.2012, 16:38 | #4 |
/// Helper Team | Very good!
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
18.11.2012, 16:08 | #5 |
| Hello, I ran both programs. Unfortunately the Ukash trojan was not found... The logs are attached! Have a nice Sunday... Attachment 46536 Attachment 46537 |
19.11.2012, 03:43 | #6 |
/// Helper Team | Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: Preparation |
19.11.2012, 20:38 | #7 |
| I have now really connected ALL my external drives/USB sticks, so a bit more was found... The Bundespolizei virus was apparently among them. Otherwise it ran without errors. Attachment 46600 |
19.11.2012, 21:20 | #8 |
/// Helper Team | Update Java. Your Java is no longer current. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html Then post (copy and paste) what you see here: PluginCheck. Disable Java. Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html Then post (copy and paste) what you see here: PluginCheck |
19.11.2012, 22:16 | #9 |
| With the "Delete files" option I could only tick the first box; the other two are greyed out and cannot be ticked.
Then the 1st check: PluginCheck
The PluginCheck helps close the biggest security holes when surfing the Internet. Checked are: browser, Flash, Java and Adobe Reader version.
Internet Explorer 9.0 is current
Flash (11,5,502,110) is current.
Java (1,7,0,9) is current.
Adobe Reader 11,0,0,0 is current.
The link about disabling the plug-in said that Java should be uninstalled completely if you use Internet Explorer. For now I have only uninstalled the plugin, at the following screen: I hope one of the two was what I was supposed to do...
2nd check: PluginCheck
The PluginCheck helps close the biggest security holes when surfing the Internet. Checked are: browser, Flash, Java and Adobe Reader version.
Internet Explorer 9.0 is current
Flash (11,5,502,110) is current.
Java (1,7,0,9) is current.
Adobe Reader 11,0,0,0 is current.
Edited by JimmyRakete (19.11.2012 at 22:38) |
20.11.2012, 05:06 | #10 |
/// Helper Team | Very good! With that you are clean and discharged!
Remove adwCleaner
Tool clean-up with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the clean-up from your system again.
Reset the security zones: Have the security zones reset, as they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Clear System Restore: So that the computer cannot be re-infected from an infected System Restore point, we have to clear it. To do this we switch it off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.
Clean up with CCleaner: Use CCleaner (Download) (Instructions) to fix errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC is getting slower and slower - what to do? |
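The registry side of the "reset the security zones" step, as an added example that is not part of the original post or of the trojaner-board guide linked there. The helper's point is that malware weakens Internet Explorer's zone settings to keep the browser open to later attacks; before resetting, an analyst usually wants to see what was changed. The script parses a Regedit export of HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, compares each zone's URL action values (0 = enable, 1 = prompt, 3 = disable) with a baseline and reports anything more permissive, and lists domains that were mapped into the Trusted sites zone through ZoneMap\Domains. The baseline values are the Internet-zone Medium-High and Restricted-sites defaults as assumed for this example, and the export text is constructed; take authoritative baseline values from a clean machine with the same IE version.

```python
"""Audit exported IE security-zone settings for weakening (added example)."""
import re

ZONES_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
DOMAINS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

ZONE_NAMES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites", 3: "Internet", 4: "Restricted sites"}
ACTION_NAMES = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1400": "Active scripting",
}
SETTING_NAMES = {0: "enable", 1: "prompt", 3: "disable"}

# ASSUMED baseline for this example: Internet zone at Medium-High, Restricted
# sites at High. Replace with values exported from a known-clean reference.
BASELINE = {
    3: {"1001": 1, "1004": 3, "1200": 0, "1201": 3, "1400": 0},
    4: {"1001": 3, "1004": 3, "1200": 3, "1201": 3, "1400": 3},
}

# CONSTRUCTED export (not from the thread) showing a weakened Internet zone and
# one domain pushed into Trusted sites.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000000
"1200"=dword:00000000
"1201"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"DisplayName"="Restricted sites"
"1001"=dword:00000003
"1004"=dword:00000003
"1200"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test\www]
"https"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg(text):
    """Parse the subset of Regedit 5.00 syntax needed here: [key] headers,
    "name"=dword:xxxxxxxx and "name"="string". Returns {key: {name: value}}
    with dwords as int and strings as str; other value types are kept raw."""
    tree, current = {}, None
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if not line or line.startswith("Windows Registry Editor") or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            current = tree.setdefault(m.group("key"), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if data.lower().startswith("dword:"):
                current[m.group("name")] = int(data[6:], 16)
            elif data.startswith('"') and data.endswith('"'):
                current[m.group("name")] = data[1:-1].replace("\\\\", "\\")
            else:
                current[m.group("name")] = data
    return tree


def audit_zones(tree, baseline=BASELINE):
    """Report URL actions set more permissively than the baseline
    (numerically lower: 0 enable < 1 prompt < 3 disable)."""
    findings = []
    for zone, expected in baseline.items():
        values = tree.get(f"{ZONES_KEY}\\{zone}", {})
        for action, want in expected.items():
            have = values.get(action)
            if have is not None and have < want:
                findings.append(f"zone {zone} ({ZONE_NAMES[zone]}): {ACTION_NAMES[action]} is "
                                f"{SETTING_NAMES.get(have, have)}, expected {SETTING_NAMES[want]}")
    return findings


def trusted_site_additions(tree):
    """Hosts mapped into Trusted sites (zone 2) via ZoneMap\\Domains.
    Key layout is Domains\\example.com[\\host] with "http"/"https"/"*"=dword:<zone>."""
    prefix = DOMAINS_KEY + "\\"
    added = []
    for key, values in tree.items():
        if not key.startswith(prefix):
            continue
        host = ".".join(reversed(key[len(prefix):].split("\\")))
        for scheme, zone in values.items():
            if zone == 2:
                added.append(host if scheme == "*" else f"{scheme}://{host}")
    return sorted(added)


if __name__ == "__main__":
    import sys
    # reg.exe writes exports as UTF-16; the embedded sample is used without a path.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    tree = parse_reg(text)
    for f in audit_zones(tree):
        print("WEAKENED:", f)
    for s in trusted_site_additions(tree):
        print("TRUSTED SITE ADDED:", s)
```

On the affected machine, export the live settings with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" is.reg` and pass the file to the script; what it reports is what the reset in the linked guide will undo, and the Trusted-sites list is worth keeping for the incident notes because it names the attacker's infrastructure.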
20.11.2012, 16:06 | #11 |
| t'john, many thanks for your help!!! I am glad it worked so quickly, without complications and without losing my data! I can only recommend you! All the best... |
21.11.2012, 04:19 | #12 |
/// Helper Team | We wish you a virus-free time |