Pests of all kinds and how to fight them: Facebook malicious link hkmnf.promotii-rca.ro (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
Facebook malicious link hkmnf.promotii-rca.ro

Hello, while looking at Facebook I unfortunately switched my brain off and blindly clicked on a supposed video that a friend had apparently posted (dots replaced by asterisks):

hkmnf*promotii-rca*ro/hewabela*php?fb_action_ids=528079687235788&fb_action_types=og*likes&fb_source=other_multiline&action_object_map=%7B%22528079687235788%22%3A17824831566 5819%7D&action_type_map=%7B%22528079687235788%22%3A%22og*likes%22%7D&action_ref_map=%5B%5D

I use Opera 11.51 1087 for Facebook, and it immediately opened a new tab, which I closed straight away. I didn't give it any thought until today, but then a friend who never posts videos posted the same thing, and shortly afterwards a commenter said there was a virus behind the link. Here are the logs from OTL and gmer.

OTL.txt
Code:
OTL logfile created on: 03.04.2013 17:38:50 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hmmm\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,42 Mb Total Physical Memory | 268,32 Mb Available Physical Memory | 26,48% Memory free
1,99 Gb Paging File | 0,78 Gb Available in Paging File | 39,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,69 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS

Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.03 14:02:58 | 000,712,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.147.889.0.exe
PRC - [2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe
PRC - [2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.01.02 14:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.11.22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.06.07 14:24:48 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe
PRC - [2010.06.07 14:24:34 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe
PRC - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe
PRC - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Atheros\Ath_CoexAgent.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
MOD - [2008.07.03 15:44:50 | 000,135,168 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2008.07.03 15:44:18 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2008.07.03 15:43:26 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2008.07.03 15:41:26 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2008.07.03 15:40:20 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2008.07.03 15:38:32 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2008.07.03 15:36:32 | 000,086,016 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2008.07.03 15:35:40 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2008.05.23 16:19:36 | 000,061,440 | ---- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2008.05.23 16:19:32 | 000,040,960 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2008.05.23 16:19:28 | 000,147,456 | ---- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2008.05.23 16:19:22 | 000,524,288 | ---- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2008.03.07 14:55:40 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\ShowIcoOSD.dll
MOD - [2008.01.28 10:46:34 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowDisplaySwitchOSD.dll
MOD - [2007.09.24 12:12:54 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\AcpiRwDll.dll
MOD - [2007.09.24 12:12:36 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowProgressOSD.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\FileManager.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.03.08 23:57:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{824C147E-A3BC-42A8-8473-947ED58A2120}\MpKslade283cc.sys -- (MpKslade283cc)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.12.13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.10.25 14:23:22 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.10.25 14:23:22 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.19 04:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.11.19 04:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.06.07 11:08:54 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.06.07 11:08:54 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.06.07 11:08:54 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.06.07 11:08:54 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.06.07 11:08:52 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.06.07 11:08:52 | 000,047,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010.06.07 11:08:52 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.06.07 11:08:52 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.12.30 11:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.08.27 11:06:00 | 000,010,728 | ---- | M] (TPS Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tpsacpi.sys -- (tpsacpi)
DRV - [2008.06.10 13:37:22 | 000,026,624 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ktp.sys -- (Ktp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 0A B0 F8 78 85 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.01.14 19:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]

[2011.09.27 15:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions
[2013.03.14 21:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.23 21:43:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.25 12:20:58 | 000,000,000 | ---D | M] (CCC003) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2013.03.04 01:19:30 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011.10.01 14:40:33 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.07.07 15:01:34 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.06 22:41:02 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\personas@christopher.beard.xpi
[2013.03.29 15:19:36 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 15:59:41 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.17 02:14:31 | 000,001,396 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\checkoutmycardscom.xml
[2011.10.04 15:12:06 | 000,002,261 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\google-suche.xml
[2012.07.24 23:11:49 | 000,001,274 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\nba--aba-basketball-statistics--history--basketball-referenc.xml
[2012.05.18 15:58:13 | 000,001,022 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\ultimate-guitar-tabs-archive--300000-guitar-tabs-bass-tabs-c.xml
[2011.10.01 16:43:03 | 000,001,187 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\wikipedia-the-free-encyclopedia.xml
[2011.10.01 15:30:09 | 000,001,030 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\youtube---broadcast-yourself.xml
[2013.03.08 23:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 23:57:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.17 02:10:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.17 02:10:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.17 02:10:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.17 02:10:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.17 02:10:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.17 02:10:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [Control Center] C:\Programme\Control Center\CCenter.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KTPWare] X:\Program Files\Elantech\ktpCtrl.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows:
(ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\hmmm\AppData\Local\Programs [2013.04.03 13:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe [2013.04.01 13:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.25 14:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2013.03.25 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\hmmm\D-Fend Reloaded [2013.03.25 14:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2013.03.08 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 17:26:50 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.04.03 17:26:17 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 17:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 17:25:52 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 14:43:44 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 14:09:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 12:48:36 | 000,377,856 | ---- | M] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe [2013.04.03 12:48:16 | 000,050,477 | ---- | M] () -- C:\Users\hmmm\Desktop\Defogger(1).exe 
[2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe [2013.04.02 12:32:58 | 000,654,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.02 12:32:58 | 000,616,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.02 12:32:58 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.02 12:32:58 | 000,106,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.01 13:13:41 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.30 12:50:11 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.26 16:45:50 | 000,103,015 | ---- | M] () -- C:\Users\hmmm\Documents\siemens.pdf [2013.03.26 16:42:19 | 000,103,392 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.pdf [2013.03.25 14:04:38 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2013.03.22 20:42:52 | 000,162,125 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.xps [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 14:43:44 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 13:34:03 | 000,050,477 | ---- | C] () -- C:\Users\hmmm\Desktop\Defogger(1).exe [2013.04.03 13:34:02 | 000,377,856 | ---- | C] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe [2013.04.01 13:13:41 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.30 12:50:11 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.26 16:42:16 | 000,103,392 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.pdf [2013.03.25 14:04:38 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2013.03.22 20:42:50 | 000,162,125 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.xps [2013.03.22 20:32:44 | 000,103,015 | ---- | C] () -- 
C:\Users\hmmm\Documents\siemens.pdf [2013.02.07 00:27:21 | 000,022,379 | ---- | C] () -- C:\Users\hmmm\AppData\Local\recently-used.xbel [2012.09.29 13:43:52 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\E71BBE94BF.sys [2012.09.29 13:14:06 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2012.09.10 16:16:12 | 000,000,000 | ---- | C] () -- C:\Users\hmmm\defogger_reenable [2012.05.04 12:40:17 | 000,005,120 | ---- | C] () -- C:\Users\hmmm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.22 22:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.03.15 10:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2012.01.09 23:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011.09.28 21:09:45 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2011.04.06 02:19:30 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | 
---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.12 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Audacity
[2012.09.27 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\CheckPoint
[2013.01.20 23:42:21 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FileZilla
[2012.09.03 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Free Download Manager
[2012.05.04 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FreeFLVConverter
[2012.12.25 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\gtk-2.0
[2011.12.04 01:43:23 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Guitar Pro 6
[2012.03.22 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Leadertech
[2012.09.10 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\OpenOffice.org
[2011.09.28 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Opera
[2013.03.27 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\SoftGrid Client
[2012.12.15 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\TP
[2012.05.04 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Win7codecs
[2011.12.06 01:13:11 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 03.04.2013 16:55:16 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hmmm\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,42 Mb Total Physical Memory | 471,80 Mb Available Physical Memory | 46,56% Memory free
1,99 Gb Paging File | 1,57 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,68 Gb Free Space | 67,34% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS

Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation) .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .pif [@ = piffile] -- "%1" %* .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation) .scr [@ = scrfile] -- "%1" /S .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation) cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation) cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation) comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation) jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation) jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation) regfile [open] -- regedit.exe "%1" (Microsoft 
Corporation) regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation) scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation) txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation) txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation) vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation) wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation) wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg 
Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141F9633-CA8B-475A-BD1C-FBAD28B07F55}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F212C4FD-CE67-4C2F-AEA5-00560AE6A324}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36CD5DF5-84E9-4F7E-9992-ADEA9B18E5F6}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony
ericsson update engine.exe | "{379DD5CF-C282-4BBD-A9C6-FACDC9000C5B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{4C58C2A4-2CA6-4CB6-B172-EA22C3017715}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{555EA909-B6E9-4F22-9C77-F22EBF278A96}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{60E4D7ED-49A9-4AD7-90F8-E64CBBF0F6EF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{8024DF97-E4F2-42D5-9226-3312C03ACC49}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{88A55365-DF3E-4E44-BE35-664F956ADCC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{96892ED3-3072-4CF6-AB28-BA221022FB53}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{AF85D2DB-16AA-4F6E-A6CB-08C1BEA94147}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E50AA223-0618-4504-87A3-4A4035AE69A6}" = protocol=58 | dir=in | app=system | "{EC9FD432-0EB8-4D14-BFC6-4D1D5C889BE1}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{F83F1E47-A320-40E1-B9B8-3465ED2EB25D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources 
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program "{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" 
= Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{A09AB2EA-4E3B-48A8-A716-CD4FB3529548}" = Control Center "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live 
Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AudioCon" = AudioCon "D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren) "Elantech" = KTP Ware PS/2-x86 5.3.0.4 "ESET Online Scanner" = ESET Online Scanner v3 "FLV Player" = FLV Player 2.0 (build 25) "Free Download Manager_is1" = Free Download Manager 3.9 "GIMP-2_is1" = GIMP 2.8.2 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mobile Partner" = Mobile Partner "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Opera 12.14.1738" = Opera 12.14 "sp6" = Logitech SetPoint 6.32 "SynTPDeinstKey" 
= Synaptics Pointing Device Driver "Update Engine" = Sony Ericsson Update Engine "Winamp" = Winamp (remove only) "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.6.0.2 "Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.01.2013 14:14:22 | Computer Name = hmmm-ka | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 20.01.2013 21:39:02 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 12:42:08 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 15:12:56 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 18:10:42 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10 Description = Error - 21.01.2013 18:59:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.01.2013 18:59:17 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 21.01.2013 20:06:03 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 21.01.2013 20:06:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 22.01.2013 17:47:28 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.04.2013 09:09:44 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.04.2013 09:11:10 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:11:16 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005 Description = Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. 
Neue Signaturversion:
Vorherige Signaturversion: 1.147.889.0
Aktualisierungsquelle: %%859
Aktualisierungsphase: %%852
Quellpfad: Default URL
Signaturtyp: %%800
Aktualisierungstyp: %%803
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x8007043c
Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden.

< End of report >
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-04-03 14:41:57 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2576GSX rev.GS001A 232,89GB Running: gmer_2.1.19155.exe; Driver: C:\Users\hmmm\AppData\Local\Temp\pfldipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x89122082] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8912294A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x89121AD8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8911B334] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8913D1DA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x891225E2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x89136F1C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x89137344] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateSection [0x8914196E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x891377B8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x89122740] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8911C070] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8913ECCE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8913E580] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x89135CFC] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x89115D46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8913F760] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8913F99E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8913FE50] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwMapViewOfSection [0x89141D2C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8911BC22] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x89139430] SSDT 
\SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x8913901E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x8914E340] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x89140838] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8914011A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x8912167C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8914129E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x89121DA4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8911C47C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x8914E204] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSecurityObject [0x89140DC2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x89115410] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8913DCA0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSystemDebugControl [0x89138042] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwTerminateProcess [0x89137D72] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x89116198] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C489E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C821C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 81C89214 8 Bytes [82, 20, 12, 89, 4A, 29, 12, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 81C892A8 4 Bytes [D8, 1A, 12, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 81C892C4 1 Byte [34] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 81C892C4 4 Bytes [34, B3, 11, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 81C892D4 4 Bytes [DA, D1, 13, 89] .text ... 
---- User code sections - GMER 2.1 ----

.text  C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1864] USER32.dll!GetUpdateRect + CF  75CFA644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ec
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ed
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60f2b4cf
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25  0x4F 0x62 0x65 0x80 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ec (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ed (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60f2b4cf (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25  0x4F 0x62 0x65 0x80 ...

---- EOF - GMER 2.1 ----

I have a few questions about this: I looked through the logs myself and found nothing that looks odd to me; to what extent can malware escape these programs? Is it possible that the link spreads further via my Facebook profile without my system being infected and without me noticing (I suspect the latter is the case)?