| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll durch Avira gefunden und isoliertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
15.01.2013, 12:17
| #1 |
 |  TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll durch Avira gefunden und isoliert Hallo zusammen, ich habe gestern von einer vermeintlich vertrauenswürdigen Seite eine Datei heruntergeladen, die sich allerdings nicht installieren ließ, da Avira den Trojaner erkannt und in Quarantäne gestellt hat. Es hat sich trotzdem anscheinend etwas installieren können, denn seitdem lässt sich das Windows Sicherheitscenter und das Avira Control Center nicht mehr aktivieren. Des Weiteren wurde ich bei Googlesuchen immer wieder auf falsche Internetadressen gelotst (u.a. ihavenet.com). Dies hat sich nun gegeben, nachdem ich meine gesamten Dateien mit Avira gescannt habe und nun hoffentlich alle Teile des Trojaners eingefangen habe. Weitere Scans mit Eset online scan und Malwarebytes Anti-Malware führten nach der Isolierung zu keinem weiteren Fund einer infizierten Datei. Leider bekomme ich von Avira keine Datei erstellt, in denen der Trojaner näher bezeichnet ist. Nun würde ich aber gerne diesen Trojaner möglichst schnell wieder loswerden und benötige dabei eure Hilfe. Leider kann ich mein Netbook nicht formatieren, da mir erstens ein CD-Laufwerk fehlt und zweitens die dazu passende CD. Vielen Dank im Vorfeld für eure Mühen Dakur OTL.txt Code:
ATTFilter OTL logfile created on: 1/15/2013 1:36:04 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free 1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe PRC - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/12/11 16:07:33 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012/12/11 16:07:31 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/28 06:47:44 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010/05/17 22:49:26 | 001,242,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2010/04/03 01:45:20 | 000,407,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2010/04/02 00:52:34 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe PRC - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/02/04 13:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/09/11 19:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2013/01/10 10:59:15 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll MOD - [2013/01/10 10:58:19 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/01/10 10:23:54 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll MOD - [2013/01/10 10:23:16 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll MOD - [2013/01/10 10:23:14 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll MOD - [2013/01/10 10:23:11 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013/01/10 10:21:12 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013/01/10 10:20:34 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 10:20:18 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013/01/10 10:18:57 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 10:18:42 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 10:18:38 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 10:18:07 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011/03/31 18:31:02 | 000,066,856 | ---- | M] () -- C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/05/28 07:05:49 | 000,030,032 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3726.20828__0d0f4b69e50e559b\SqliteShared.dll MOD - [2010/05/28 07:05:48 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/03/16 02:48:46 | 000,148,816 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\EcaremeDLL.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2009/05/28 22:02:28 | 000,054,272 | ---- | M] () -- C:\Program Files\BatteryBar\BarExplorerHook.dll ========== Services (SafeList) ========== SRV - [2013/01/10 20:10:31 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/01/09 22:10:34 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/11 16:07:46 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/12/11 16:07:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2010/04/16 16:56:44 | 000,644,384 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012/12/11 16:07:50 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/11 16:07:50 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/13 17:16:36 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV - [2011/08/19 11:25:25 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV - [2011/08/19 11:25:25 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010/04/22 04:59:09 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010/04/19 06:43:57 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2010/03/31 02:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2010/03/23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/12/15 03:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009/12/15 03:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009/07/13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/06 14:33:40 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2009/07/06 14:30:58 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2008/11/16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://eeepc.asus.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: ff-bmboc%40bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files\Intel\IntelAppStore\bin\npAppUp.dll (Intel) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011/06/09 17:50:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internet-Manager\Bin\addon [2010/04/01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/10 20:10:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/10 20:10:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/08/15 21:48:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/08 20:50:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions [2010/08/17 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/11/25 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions [2012/07/19 16:41:16 | 000,000,000 | ---D | M] ("DHL Toolbar") -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\{edc0b8a5-c050-4bb2-b785-a623b4515abf} [2011/03/12 22:38:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Danny\AppData\Roaming\mozilla\Firefox\Profiles\xnh2q9it.default\extensions\personas@christopher.beard [2012/11/25 20:00:10 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011/08/15 21:48:38 | 000,001,123 | ---- | M] () -- C:\Users\Danny\AppData\Roaming\mozilla\firefox\profiles\xnh2q9it.default\searchplugins\conduit.xml [2013/01/10 20:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/01/10 20:10:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2010/04/01 13:29:34 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\CONGSTAR\INTERNET-MANAGER\BIN\ADDON [2013/01/10 20:10:31 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/07/17 19:00:14 | 000,170,624 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012/10/24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKCU..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.30.3.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983A5790-0C7D-48E8-BE1E-1DD96D3025A2}: DhcpNameServer = 172.30.3.254 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/15 01:29:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe [2013/01/14 20:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/01/10 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/01/08 20:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird ========== Files - Modified Within 30 Days ========== [2013/01/15 01:33:24 | 000,000,000 | ---- | M] () -- C:\Users\Danny\defogger_reenable [2013/01/15 01:30:36 | 000,365,568 | ---- | M] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe [2013/01/15 01:29:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Danny\Desktop\OTL.exe [2013/01/15 01:28:36 | 000,050,477 | ---- | M] () -- C:\Users\Danny\Desktop\Defogger.exe [2013/01/15 01:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 17:10:12 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 17:02:16 | 000,000,302 | ---- | M] () -- C:\windows\tasks\Zzfyf.job [2013/01/14 17:02:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/01/14 17:01:56 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys [2013/01/10 10:15:43 | 000,288,296 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/01/10 10:04:23 | 000,659,448 | ---- | M] () -- C:\windows\System32\perfh007.dat [2013/01/10 10:04:23 | 000,620,594 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/01/10 10:04:23 | 000,132,728 | ---- | M] () -- C:\windows\System32\perfc007.dat [2013/01/10 10:04:23 | 000,108,518 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/01/09 22:23:30 | 000,118,879 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf [2013/01/09 22:22:31 | 001,647,871 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf [2013/01/09 22:21:54 | 000,053,596 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf [2013/01/09 22:16:10 | 002,050,882 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf [2013/01/04 10:40:51 | 000,040,752 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf [2013/01/04 10:40:26 | 000,720,571 | ---- | M] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf [2012/12/30 19:38:48 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012/12/30 15:51:14 | 000,069,206 | ---- | M] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf ========== Files Created - No Company Name ========== [2013/01/15 01:33:24 | 000,000,000 | ---- | C] () -- C:\Users\Danny\defogger_reenable [2013/01/15 01:30:36 | 000,365,568 | ---- | C] () -- C:\Users\Danny\Desktop\gmer-2.0.18444.exe [2013/01/15 01:28:34 | 000,050,477 | ---- | C] () -- C:\Users\Danny\Desktop\Defogger.exe [2013/01/14 12:45:22 | 000,000,302 | ---- | C] () -- C:\windows\tasks\Zzfyf.job [2013/01/09 22:23:30 | 000,118,879 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 22 - 22102010 Bachelorprüfungsordnung Phil Fak 4 Satzung zur Änderung.pdf [2013/01/09 22:22:29 | 001,647,871 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 46 - 30092009 Bachelorstudiengänge 3 Satzung zur Änderung der Neufassung der.pdf [2013/01/09 22:21:54 | 000,053,596 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 15052009 Bachelorprüfungsordnung Phil Fak 2 Satzung zur Änderung der N.pdf [2013/01/09 22:16:07 | 002,050,882 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 35 - 08102007 Bachelorprüfungsordnung Phil Fak Neufassung.pdf [2013/01/04 10:40:50 | 000,040,752 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 06 - 14032006 Satzung der Ethikkommission Med Fak.pdf [2013/01/04 10:40:26 | 000,720,571 | ---- | C] () -- C:\Users\Danny\Desktop\Nr 25 - 05102006 Bachelorstudiengänge der Phil Fak Prüfungsordnung.pdf [2012/12/30 19:38:48 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012/12/30 15:50:58 | 000,069,206 | ---- | C] () -- C:\Users\Danny\Desktop\Merkblatt_Einzureichende_Belege_ab_VZ2011_Ansichts-PDF.pdf [2012/10/19 00:37:36 | 000,116,224 | ---- | C] () -- C:\windows\System32\redmonnt.dll [2012/10/19 00:37:36 | 000,045,056 | ---- | C] () -- C:\windows\System32\unredmon.exe [2011/07/04 15:32:45 | 000,007,621 | ---- | C] () -- C:\Users\Danny\AppData\Local\Resmon.ResmonCfg [2011/04/21 08:46:39 | 000,393,256 | ---- | C] () -- C:\windows\System32\CNQ4809N.DAT [2011/03/23 15:13:41 | 000,009,704 | ---- | C] () -- C:\windows\HCWPNP.INI [2010/05/28 06:50:35 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010/08/17 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Asus [2010/05/28 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ASUS WebStorage [2012/09/04 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\BatteryBar [2012/05/09 23:29:07 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Broken Sword 2.5 [2011/11/24 20:47:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Canon [2010/08/17 00:49:36 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1 [2010/08/18 16:17:58 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\DeltaVision [2012/11/26 13:22:49 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Dropbox [2010/08/17 01:38:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\EeeStorageUploader [2012/01/02 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\elsterformular [2012/10/19 13:16:05 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\FreePDF [2010/12/27 12:06:37 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GetRightToGo [2010/08/17 01:17:09 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\GoBoingo [2010/11/13 19:26:02 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\ICAClient [2012/07/24 07:31:03 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Internet-Manager [2010/12/27 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\MS-Buchhalter [2011/08/15 21:48:25 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OCS [2010/08/18 07:48:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\OpenOffice.org [2011/08/15 21:48:39 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Opera [2011/09/28 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Rovio [2011/05/17 21:55:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\SoftGrid Client [2011/08/01 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Swiss Academic Software [2011/06/26 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Synaptics [2010/08/17 01:38:28 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\temp [2010/08/17 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Thunderbird [2011/05/13 12:15:30 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\TP [2010/08/18 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\Windows Live Writer [2012/08/14 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Danny\AppData\Roaming\yWorks ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB689DEA < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/15/2013 1:36:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Danny\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014.12 Mb Total Physical Memory | 491.21 Mb Available Physical Memory | 48.44% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 55.73 Gb Free Space | 55.73% Space Free | Partition Type: NTFS
Drive D: | 117.87 Gb Total Space | 30.19 Gb Free Space | 25.61% Space Free | Partition Type: NTFS
Computer Name: DANNY-PC | User Name: Danny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.scr [@ = scrfile] -- "%1" /S "%3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S "%3"
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D9827D-E68C-4A4D-B547-27C5276AAF5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1F02B523-A70A-4521-8F7A-E01404740443}" = rport=445 | protocol=6 | dir=out | app=system |
"{2EF29DF8-05B4-4F18-8F18-D4DA7CE99308}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{3F15569D-A990-4D60-8326-AB55DF0F6269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{44F30C2C-CE31-4718-91EA-90BF79F345A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{606A869D-535C-4168-8D3C-24BB9C53E868}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6E6299B2-885E-4471-9DA3-7E29B97DF87E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AC75C99-C85A-4477-83F8-D997E30B0B1A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CC8D969-6294-4FD2-BA04-C9CA60D3FD24}" = rport=139 | protocol=6 | dir=out | app=system |
"{7EB19E55-7D19-4D2F-91E4-616F3B75C560}" = lport=138 | protocol=17 | dir=in | app=system |
"{8C85562E-1268-438A-987D-4653E7DE1998}" = lport=139 | protocol=6 | dir=in | app=system |
"{9189FDB7-0F60-4908-B508-6130B7218258}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98A04DAA-33EA-4072-83AE-0A28D2597E45}" = lport=137 | protocol=17 | dir=in | app=system |
"{9A4E19BF-A3F7-4545-8DE2-3F8370CB8ADB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0D91D61-B780-4B5E-B7A6-F4A7F3F94AC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A201FC9F-0B87-4AAE-88C6-80B7722C7E49}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{A90BCA1A-751B-4A2E-B2AB-4EE026B8DA17}" = rport=137 | protocol=17 | dir=out | app=system |
"{AE6079B6-C825-4B5C-99FC-A64C2E4C90CB}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{B083AE7B-D4C5-4E88-A094-9980757C5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B404BAD4-7943-4FFD-B96E-DE0E99482E28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA1E8C6A-C8EC-41EB-8EBF-3EA5B5BB1B12}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BF1DD50F-9977-4324-B735-5C7C671C1483}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CA7192D2-FC1C-4C78-8B67-EB3A8012B8F5}" = rport=138 | protocol=17 | dir=out | app=system |
"{E156E7AD-C325-4FE8-8535-35F5D5DC0231}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E87D5E42-F192-4B89-8043-4EDFDE0B5163}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4C27420-1C5E-4414-80EF-4ED97A3F1A6A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F5A4E98C-03D8-41DF-8300-C9DF24636CE7}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{FD20F2E3-A591-4139-9004-566DA8B82ED6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0517116C-D0E8-446C-9C72-98123591A900}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0ACD9B26-9673-4C28-8AF3-D10D8AA61A35}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{241089C1-E410-4CF4-B48B-83884243BCFD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{26BBAD95-E06E-449D-A416-E3CA0E08433B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{28FC1FEB-090C-49D2-BDDF-CDE888044866}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{2D6EFA0F-7B28-41B7-995D-AFC2345914A1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{32CA4C7C-C449-4B03-BE7F-C99E1B79B825}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3EBA39D7-7BB4-4ADD-A61B-DA6307CD1063}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48585F49-2409-46D6-B375-A4A5D2AC14DF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{52A610A9-10A2-42EB-8B0A-169818C1C967}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{78922A2F-9BE4-4294-AF0E-67F3281DF894}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A143D63E-5D1C-42A0-9E82-3893F22F195F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A247D571-E068-4F61-95D0-EBA8528955DB}" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{A852C37D-A086-4679-98BC-B03E751601AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AEB71E96-77D9-4C0F-AD7D-5FBAA896E132}" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"{AEC030CA-707B-4096-93CF-15CB1864B35E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA5A977C-EE74-4850-BFDF-B786688E8B0E}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{C1AC876F-D3C3-4E4E-97F9-F5D0734E35C7}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CF73E322-2C16-483A-B54C-FD0920A8F599}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{EEDD54AB-9237-4512-A167-B8393C321B12}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F309993C-29DE-49E3-BA03-16288AD5C542}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3BFCAEA8-2FF6-4F74-B368-54600AA6D82B}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"TCP Query User{A02200B6-46B5-4E85-B1B5-6F54F4F319EE}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C384783C-A4D5-44CC-9C50-7C6316CD530A}C:\program files\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{9B2D190F-942D-42EB-994E-E396F5A6868D}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
"UDP Query User{A10B38BD-61BD-4F2B-8376-3E786C845DF3}C:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\danny\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{FA5C925D-06D0-4047-AB1C-3550B015D68C}C:\program files\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files\yworks\yed\yed.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809" = CanoScan LiDE 210 Scanner Driver
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC7CCB3C-8E86-4165-9363-30B7CCCD9742}" = Angry Birds Rio
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3309-7404-0599-8908" = yEd Graph Editor 3.10
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS VIBE" = ASUS VIBE
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"Broken Sword 2.5_is1" = Broken Sword 2.5
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix ICA Web Client
"Dirty Split" = Dirty Split (remove only)
"Eee Docking_is1" = Eee Docking 3.7.0
"ElsterFormular" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"Eye of the Kraken_is1" = Eye of the Kraken
"FormatFactory" = FormatFactory 2.96
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Im Dschungel der kleinsten Teilchen" = Im Dschungel der kleinsten Teilchen
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Intel AppUp(SM) center 28264" = Intel AppUp(SM) center
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MS-Buchhalter Start" = MS-Buchhalter Start 3.0
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"Opera 12.01.1532" = Opera 12.01
"Patrimonium_is1" = Patrimonium 1.04
"Pushy & the magic blocks_is1" = Pushy 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Sudoku Generator" = Sudoku Generator 2.63
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/6/2012 3:50:47 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 2/17/2012 4:36:46 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 2/17/2012 6:46:27 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 2/17/2012 8:10:29 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 2/18/2012 2:14:44 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 3/10/2012 6:24:34 PM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 3/15/2012 4:26:36 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 3/19/2012 2:21:33 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 4/3/2012 8:18:40 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
Error - 4/3/2012 10:25:16 AM | Computer Name = Danny-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:
[ System Events ]
Error - 1/10/2013 6:22:47 AM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description =
Error - 1/10/2013 6:26:40 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/10/2013 2:21:19 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/13/2013 3:21:06 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/13/2013 5:41:34 PM | Computer Name = Danny-PC | Source = DCOM | ID = 10010
Description =
Error - 1/14/2013 7:14:38 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/14/2013 11:23:56 AM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/14/2013 12:03:03 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 1/14/2013 12:03:21 PM | Computer Name = Danny-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 02:33:47
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0003 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Danny\AppData\Local\Temp\fgloapog.sys
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C54A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e3759
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da05c07
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e3759 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06da05c07 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
---- EOF - GMER 2.0 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.15.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Danny :: DANNY-PC [Administrator] 15.01.2013 09:52:23 mbam-log-2013-01-15 (09-52-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 315302 Laufzeit: 1 Stunde(n), 55 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
| Themen zu TR/Crypt.ZPACK.GEN8 in C:\Windows\System32\wmidxu.dll durch Avira gefunden und isoliert |
| .com, 32 bit, antivir, application/pdf:, avira, bho, bingbar, eeepc, error, failed, fehler, firefox, flash player, helper, install.exe, installation, logfile, loswerden, microsoft office starter 2010, mozilla, plug-in, realtek, registry, rundll, security, software, svchost.exe, system, tracker, trojaner, udp, windows, wrapper |
Baum-Darstellung