Pests of all kinds and how to fight them: Facebook malicious link hkmnf.promotii-rca.ro
Windows 7

03.04.2013, 20:44 | #1
Facebook malicious link hkmnf.promotii-rca.ro

Hello, while browsing Facebook I unfortunately switched my brain off and blindly clicked on a supposed video that a friend had allegedly posted (dots replaced with asterisks):

hkmnf*promotii-rca*ro/hewabela*php?fb_action_ids=528079687235788&fb_action_types=og*likes&fb_source=other_multiline&action_object_map=%7B%22528079687235788%22%3A178248315665819%7D&action_type_map=%7B%22528079687235788%22%3A%22og*likes%22%7D&action_ref_map=%5B%5D

I use Opera 11.51 1087 for Facebook, and it immediately opened a new tab, which I closed right away. I didn't give it any thought until today, but then a friend who never posts videos posted the same thing, and shortly afterwards a commenter said there was a virus behind the link. Here are the logs from OTL and GMER.

OTL.txt:
OTL logfile created on: 03.04.2013 17:38:50 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hmmm\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,42 Mb Total Physical Memory | 268,32 Mb Available Physical Memory | 26,48% Memory free
1,99 Gb Paging File | 0,78 Gb Available in Paging File | 39,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,69 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS

Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.03 14:02:58 | 000,712,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.147.889.0.exe
PRC - [2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe
PRC - [2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.01.02 14:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.11.22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.06.07 14:24:48 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe
PRC - [2010.06.07 14:24:34 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe
PRC - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe
PRC - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Atheros\Ath_CoexAgent.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
MOD - [2008.07.03 15:44:50 | 000,135,168 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2008.07.03 15:44:18 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2008.07.03 15:43:26 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2008.07.03 15:41:26 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2008.07.03 15:40:20 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2008.07.03 15:38:32 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2008.07.03 15:36:32 | 000,086,016 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2008.07.03 15:35:40 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2008.05.23 16:19:36 | 000,061,440 | ---- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2008.05.23 16:19:32 | 000,040,960 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2008.05.23 16:19:28 | 000,147,456 | ---- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2008.05.23 16:19:22 | 000,524,288 | ---- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2008.03.07 14:55:40 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\ShowIcoOSD.dll
MOD - [2008.01.28 10:46:34 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowDisplaySwitchOSD.dll
MOD - [2007.09.24 12:12:54 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\AcpiRwDll.dll
MOD - [2007.09.24 12:12:36 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowProgressOSD.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\FileManager.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.03.08 23:57:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{824C147E-A3BC-42A8-8473-947ED58A2120}\MpKslade283cc.sys -- (MpKslade283cc)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.12.13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.10.25 14:23:22 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.10.25 14:23:22 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.19 04:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.11.19 04:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.06.07 11:08:54 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.06.07 11:08:54 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.06.07 11:08:54 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.06.07 11:08:54 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.06.07 11:08:52 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.06.07 11:08:52 | 000,047,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010.06.07 11:08:52 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.06.07 11:08:52 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.12.30 11:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.08.27 11:06:00 | 000,010,728 | ---- | M] (TPS Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tpsacpi.sys -- (tpsacpi)
DRV - [2008.06.10 13:37:22 | 000,026,624 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ktp.sys -- (Ktp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 0A B0 F8 78 85 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.01.14 19:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]

[2011.09.27 15:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions
[2013.03.14 21:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.23 21:43:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.25 12:20:58 | 000,000,000 | ---D | M] (CCC003) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2013.03.04 01:19:30 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011.10.01 14:40:33 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.07.07 15:01:34 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.06 22:41:02 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\personas@christopher.beard.xpi
[2013.03.29 15:19:36 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 15:59:41 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.17 02:14:31 | 000,001,396 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\checkoutmycardscom.xml
[2011.10.04 15:12:06 | 000,002,261 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\google-suche.xml
[2012.07.24 23:11:49 | 000,001,274 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\nba--aba-basketball-statistics--history--basketball-referenc.xml
[2012.05.18 15:58:13 | 000,001,022 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\ultimate-guitar-tabs-archive--300000-guitar-tabs-bass-tabs-c.xml
[2011.10.01 16:43:03 | 000,001,187 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\wikipedia-the-free-encyclopedia.xml
[2011.10.01 15:30:09 | 000,001,030 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\youtube---broadcast-yourself.xml
[2013.03.08 23:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 23:57:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.17 02:10:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.17 02:10:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.17 02:10:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.17 02:10:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.17 02:10:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.17 02:10:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [Control Center] C:\Programme\Control Center\CCenter.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KTPWare] X:\Program Files\Elantech\ktpCtrl.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows:
(ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\hmmm\AppData\Local\Programs [2013.04.03 13:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe [2013.04.01 13:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.25 14:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded [2013.03.25 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\hmmm\D-Fend Reloaded [2013.03.25 14:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded [2013.03.08 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.03 17:26:50 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.04.03 17:26:17 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.03 17:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 17:25:52 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 14:43:44 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 14:09:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.03 12:48:36 | 000,377,856 | ---- | M] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe [2013.04.03 12:48:16 | 000,050,477 | ---- | M] () -- C:\Users\hmmm\Desktop\Defogger(1).exe 
[2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe [2013.04.02 12:32:58 | 000,654,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.02 12:32:58 | 000,616,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.02 12:32:58 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.02 12:32:58 | 000,106,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.01 13:13:41 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.30 12:50:11 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.03.26 16:45:50 | 000,103,015 | ---- | M] () -- C:\Users\hmmm\Documents\siemens.pdf [2013.03.26 16:42:19 | 000,103,392 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.pdf [2013.03.25 14:04:38 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2013.03.22 20:42:52 | 000,162,125 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.xps [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.03 14:43:44 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.03 13:34:03 | 000,050,477 | ---- | C] () -- C:\Users\hmmm\Desktop\Defogger(1).exe [2013.04.03 13:34:02 | 000,377,856 | ---- | C] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe [2013.04.01 13:13:41 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.03.30 12:50:11 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.26 16:42:16 | 000,103,392 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.pdf [2013.03.25 14:04:38 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk [2013.03.22 20:42:50 | 000,162,125 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.xps [2013.03.22 20:32:44 | 000,103,015 | ---- | C] () -- 
C:\Users\hmmm\Documents\siemens.pdf [2013.02.07 00:27:21 | 000,022,379 | ---- | C] () -- C:\Users\hmmm\AppData\Local\recently-used.xbel [2012.09.29 13:43:52 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\E71BBE94BF.sys [2012.09.29 13:14:06 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2012.09.10 16:16:12 | 000,000,000 | ---- | C] () -- C:\Users\hmmm\defogger_reenable [2012.05.04 12:40:17 | 000,005,120 | ---- | C] () -- C:\Users\hmmm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.22 22:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.03.15 10:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2012.01.09 23:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll [2011.09.28 21:09:45 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2011.04.06 02:19:30 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.12 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Audacity [2012.09.27 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\CheckPoint [2013.01.20 23:42:21 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FileZilla [2012.09.03 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Free Download Manager [2012.05.04 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FreeFLVConverter [2012.12.25 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\gtk-2.0 [2011.12.04 01:43:23 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Guitar Pro 6 [2012.03.22 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Leadertech [2012.09.10 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\OpenOffice.org [2011.09.28 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Opera [2013.03.27 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\SoftGrid Client [2012.12.15 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\TP [2012.05.04 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Win7codecs [2011.12.06 01:13:11 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 03.04.2013 16:55:16 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hmmm\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1013,42 Mb Total Physical Memory | 471,80 Mb Available Physical Memory | 46,56% Memory free
1,99 Gb Paging File | 1,57 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,68 Gb Free Space | 67,34% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS

Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141F9633-CA8B-475A-BD1C-FBAD28B07F55}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F212C4FD-CE67-4C2F-AEA5-00560AE6A324}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36CD5DF5-84E9-4F7E-9992-ADEA9B18E5F6}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{379DD5CF-C282-4BBD-A9C6-FACDC9000C5B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4C58C2A4-2CA6-4CB6-B172-EA22C3017715}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{555EA909-B6E9-4F22-9C77-F22EBF278A96}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{60E4D7ED-49A9-4AD7-90F8-E64CBBF0F6EF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8024DF97-E4F2-42D5-9226-3312C03ACC49}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{88A55365-DF3E-4E44-BE35-664F956ADCC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{96892ED3-3072-4CF6-AB28-BA221022FB53}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{AF85D2DB-16AA-4F6E-A6CB-08C1BEA94147}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E50AA223-0618-4504-87A3-4A4035AE69A6}" = protocol=58 | dir=in | app=system |
"{EC9FD432-0EB8-4D14-BFC6-4D1D5C889BE1}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F83F1E47-A320-40E1-B9B8-3465ED2EB25D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A09AB2EA-4E3B-48A8-A716-CD4FB3529548}" = Control Center
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudioCon" = AudioCon
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"Elantech" = KTP Ware PS/2-x86 5.3.0.4
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.9
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Winamp" = Winamp (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.01.2013 14:14:22 | Computer Name = hmmm-ka | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error - 20.01.2013 21:39:02 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =

Error - 21.01.2013 12:42:08 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =

Error - 21.01.2013 15:12:56 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =

Error - 21.01.2013 18:10:42 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =

Error - 21.01.2013 18:59:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 21.01.2013 18:59:17 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 21.01.2013 20:06:03 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 21.01.2013 20:06:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error - 22.01.2013 17:47:28 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03.04.2013 09:09:44 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.04.2013 09:11:10 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =

Error - 03.04.2013 09:11:16 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =

Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =

Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =

Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =

Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.147.889.0
Aktualisierungsquelle: %%859
Aktualisierungsphase: %%852
Quellpfad: Default URL
Signaturtyp: %%800
Aktualisierungstyp: %%803
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
Vorherige Modulversion: 1.1.9302.0
Fehlercode: 0x8007043c
Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden.

< End of report >

Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-04-03 14:41:57 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2576GSX rev.GS001A 232,89GB Running: gmer_2.1.19155.exe; Driver: C:\Users\hmmm\AppData\Local\Temp\pfldipoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcConnectPort [0x89122082] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwAlpcCreatePort [0x8912294A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwConnectPort [0x89121AD8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateFile [0x8911B334] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateKey [0x8913D1DA] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreatePort [0x891225E2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcess [0x89136F1C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateProcessEx [0x89137344] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateSection [0x8914196E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateUserProcess [0x891377B8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwCreateWaitablePort [0x89122740] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteFile [0x8911C070] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteKey [0x8913ECCE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDeleteValueKey [0x8913E580] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwDuplicateObject [0x89135CFC] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadDriver [0x89115D46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey [0x8913F760] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKey2 [0x8913F99E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwLoadKeyEx [0x8913FE50] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwMapViewOfSection [0x89141D2C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenFile [0x8911BC22] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenProcess [0x89139430] SSDT 
\SystemRoot\system32\DRIVERS\vsdatant.sys ZwOpenThread [0x8913901E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwProtectVirtualMemory [0x8914E340] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRenameKey [0x89140838] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwReplaceKey [0x8914011A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRequestWaitReplyPort [0x8912167C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwRestoreKey [0x8914129E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSecureConnectPort [0x89121DA4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationFile [0x8911C47C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetInformationObject [0x8914E204] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSecurityObject [0x89140DC2] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetSystemInformation [0x89115410] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSetValueKey [0x8913DCA0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwSystemDebugControl [0x89138042] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwTerminateProcess [0x89137D72] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys ZwUnloadDriver [0x89116198] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C489E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C821C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 81C89214 8 Bytes [82, 20, 12, 89, 4A, 29, 12, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 81C892A8 4 Bytes [D8, 1A, 12, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 81C892C4 1 Byte [34] .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 81C892C4 4 Bytes [34, B3, 11, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 81C892D4 4 Bytes [DA, D1, 13, 89] .text ... 
---- User code sections - GMER 2.1 ---- .text C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1864] USER32.dll!GetUpdateRect + CF 75CFA644 5 Bytes JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ec Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ed Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60f2b4cf Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25 0x4F 0x62 0x65 0x80 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ec (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ed (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60f2b4cf (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25 0x4F 0x62 0x65 0x80 ... ---- EOF - GMER 2.1 ----
I have a few questions about this: I looked through the logs and found nothing that looks strange to me; to what extent can malware evade these programs? Is it possible that the link keeps spreading via my Facebook profile without my system being infected and without me noticing it (the latter I do believe)? |
08.04.2013, 19:45 | #2 |
/// Helper team | Facebook malicious link hkmnf.promotii-rca.ro Uninstall ZoneAlarm & Spybot. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in that folder without a helper's instruction. Then: Please download AdwCleaner to your desktop.
|
09.04.2013, 15:23 | #3 |
| Facebook malicious link hkmnf.promotii-rca.ro Hello, thanks for the quick reply.
Are ZoneAlarm and Spybot of any use at all? That is, should I reinstall them or leave them off? If nothing turns up, with what probability/certainty can one say that the system is clean? I ran both scans, here are the results: mbar-log-2013-04-09 (15-16-59).exe Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022 www.malwarebytes.org Database version: v2013.04.09.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 hmmm :: HMMM-KA [administrator] 09.04.2013 15:16:59 mbar-log-2013-04-09 (15-16-59).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28333 Time elapsed: 27 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.001 - Datei am 04/09/2013 um 16:02:38 erstellt # Aktualisiert am 09/09/2012 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : hmmm - HMMM-KA # Bootmodus : Normal # Ausgeführt unter : C:\Users\hmmm\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\hmmm\AppData\Local\Temp\Uninstall.exe Ordner Gelöscht : C:\Users\hmmm\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} Ordner Gelöscht : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\extensions\staged ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550 ***** [Internet Browser] ***** -\\ Internet Explorer v9.10.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Profilname : default Datei : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.14.1738.0 Datei : C:\Users\hmmm\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R1].txt - [1046 octets] - [12/09/2012 19:12:14] AdwCleaner[R2].txt - [1107 octets] - [12/09/2012 19:18:18] AdwCleaner[R3].txt - [1168 octets] - [12/09/2012 19:19:00] AdwCleaner[R4].txt - [1267 octets] - [13/09/2012 13:40:55] AdwCleaner[R5].txt - [1288 octets] - [13/09/2012 17:07:02] AdwCleaner[S1].txt - [1607 octets] - [13/09/2012 17:07:45] AdwCleaner[S2].txt - [3850 octets] - [15/09/2012 14:07:42] AdwCleaner[S3].txt - [1959 octets] - [09/04/2013 16:02:38] ########## EOF - C:\AdwCleaner[S3].txt - [2019 octets] ########## |
09.04.2013, 15:48 | #4 | |
/// Helper team | Facebook malicious link hkmnf.promotii-rca.ro Quote:
Delete the version of AdwCleaner you have, then: Please download AdwCleaner to your desktop.
|
10.04.2013, 11:53 | #5 |
| Facebook malicious link hkmnf.promotii-rca.ro Are there any good free software firewalls? In any case, here is the log from the new scan: AdwCleaner[S4].txt AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 10/04/2013 um 12:34:10 erstellt # Aktualisiert am 02/04/2013 von Xplode # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) # Benutzer : hmmm - HMMM-KA # Bootmodus : Normal # Ausgeführt unter : C:\Users\hmmm\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v26.0.1410.43 Datei : C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.14.1738.0 Datei : C:\Users\hmmm\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1046 octets] - [12/09/2012 19:12:14] AdwCleaner[R2].txt - [1107 octets] - [12/09/2012 19:18:18] AdwCleaner[R3].txt - [1168 octets] - [12/09/2012 19:19:00] AdwCleaner[R4].txt - [1267 octets] - [13/09/2012 13:40:55] AdwCleaner[R5].txt - [1288 octets] - [13/09/2012 17:07:02] AdwCleaner[S1].txt - [1607 octets] - [13/09/2012 17:07:45] AdwCleaner[S2].txt - [3850 octets] - [15/09/2012 14:07:42] AdwCleaner[S3].txt - [2088 octets] - [09/04/2013 16:02:38] AdwCleaner[S4].txt - [1559 octets] - [10/04/2013 12:34:10] ########## EOF - C:\AdwCleaner[S4].txt - [1619 octets] ########## |
10.04.2013, 12:26 | #6 | |
/// Helper team | Facebook malicious link hkmnf.promotii-rca.ro Quote:
Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan. Then: ESET Online Scanner
Then: Please download SecurityCheck and:
|
17.04.2013, 08:55 | #7 |
| Facebook malicious link hkmnf.promotii-rca.ro Sorry for only getting back to you now. I will post the ESET scan later; for now, aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-04-16 00:09:14 ----------------------------- 00:09:14.296 OS Version: Windows 6.1.7601 Service Pack 1 00:09:14.296 Number of processors: 4 586 0x1C0A 00:09:14.296 ComputerName: HMMM-KA UserName: hmmm 00:09:16.932 Initialize success 00:16:42.307 AVAST engine defs: 13041501 00:16:47.267 The log file has been saved successfully to "C:\Users\hmmm\Desktop\aswMBR.txt" 00:16:52.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 00:16:52.515 Disk 0 Vendor: TOSHIBA_MK2576GSX GS001A Size: 238475MB BusType: 11 00:16:52.765 Disk 0 MBR read successfully 00:16:52.780 Disk 0 MBR scan 00:16:52.843 Disk 0 Windows 7 default MBR code 00:16:52.874 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048 00:16:52.999 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220000 MB offset 616448 00:16:53.139 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 18173 MB offset 451176448 00:16:53.295 Disk 0 scanning sectors +488394752 00:16:53.638 Disk 0 scanning C:\Windows\system32\drivers 00:17:34.963 Service scanning 00:18:15.788 Service MpKsl376fd075 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C42ED37E-CD2B-43B9-8EC5-2EFF136AF350}\MpKsl376fd075.sys **LOCKED** 32 00:19:06.878 Modules scanning 00:19:21.573 Disk 0 trace - called modules: 00:19:21.620 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 00:19:21.636 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847d74c8] 00:19:21.651 3 CLASSPNP.SYS[865d659e] -> nt!IofCallDriver -> [0x84659c10] 00:19:21.667 5 ACPI.sys[862c43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84664030] 00:19:22.743 AVAST engine scan C:\Windows 00:19:28.235 AVAST engine scan C:\Windows\system32 00:28:21.116 AVAST engine scan C:\Windows\system32\drivers 00:29:04.266 AVAST engine scan C:\Users\hmmm 00:48:08.730 AVAST engine scan C:\ProgramData 00:51:42.529 Scan finished successfully 00:54:37.982 Disk 0 
MBR has been saved successfully to "C:\Users\hmmm\Desktop\MBR.dat" 00:54:38.232 The log file has been saved successfully to "C:\Users\hmmm\Desktop\aswMBR.txt" checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 6.0 Microsoft Security Essentials Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 JavaFX 2.1.1 Java(TM) 6 Update 31 Java 7 Update 17 Adobe Flash Player 11.4.402.287 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (19.0.2) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
19.04.2013, 17:51 | #8 |
/// Helper team | Facebook malicious link hkmnf.promotii-rca.ro Log from ESET? |
20.04.2013, 19:49 | #9 |
| Facebook malicious link hkmnf.promotii-rca.ro Sorry again, at the moment I am not at home long enough; today there was time for the scan: log.txt Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-12 04:37:16 # local_time=2012-09-12 06:37:16 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 29518028 99081794 0 0 # compatibility_mode=8192 67108863 100 0 81521 81521 0 0 # compatibility_mode=9217 16777214 75 66 30320509 49411305 0 0 # scanned=95065 # found=2 # cleaned=0 # scan_time=17233 C:\Users\hmmm\Downloads\cnet_powertab_zip.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I C:\Users\hmmm\Downloads\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-13 04:06:14 # local_time=2012-09-13 06:06:14 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 29617016 99180782 0 0 # compatibility_mode=8192 67108863 100 0 180509 180509 0 0 # compatibility_mode=9217 16777214 75 66 30419497 49510293 0 0 # scanned=21631 # found=0 # cleaned=0 # scan_time=2783 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as 
downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internet# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-15 11:31:11 # local_time=2012-09-15 01:31:11 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 29774448 99338214 0 0 # compatibility_mode=8192 67108863 100 0 337941 337941 0 0 # compatibility_mode=9217 16777214 75 66 30576929 49667725 0 0 # scanned=149 # found=2 # cleaned=2 # scan_time=1648 C:\Users\hmmm\Downloads\cnet_powertab_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\hmmm\Downloads\Setup74_FreeFlvConverter.exe Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-17 09:18:23 # local_time=2012-09-17 11:18:23 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 29967358 99531124 0 0 # compatibility_mode=8192 67108863 100 0 530851 530851 0 0 # compatibility_mode=9217 16777214 75 4 189877 189877 0 0 # scanned=95443 # found=0 # cleaned=0 # scan_time=16770 # version=8 
# OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-12-17 11:22:27 # local_time=2012-12-17 12:22:27 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 37810772 107374538 0 0 # compatibility_mode=9217 16777214 75 4 6972987 6972987 0 0 # scanned=86 # found=0 # cleaned=0 # scan_time=2 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-12-19 11:05:05 # local_time=2012-12-20 12:05:05 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 38025730 107589496 0 0 # compatibility_mode=9217 16777214 75 4 7187945 7187945 0 0 # scanned=112668 # found=3 # cleaned=0 # scan_time=18295 C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B I C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B I C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application (unable to clean) 88B04B4C0855E13DADE7089E8B83CA7B0DD877EF I ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # 
unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-12 05:09:43 # local_time=2013-01-12 06:09:43 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 40078008 109641774 0 0 # compatibility_mode=9217 16777214 75 4 9240223 9240223 0 0 # scanned=8 # found=0 # cleaned=0 # scan_time=197 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-22 01:10:40 # local_time=2013-01-22 02:10:40 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 40884465 110448231 0 0 # compatibility_mode=9217 16777214 75 4 636588 636588 0 0 # scanned=9 # found=0 # cleaned=0 # scan_time=0 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-01-23 04:35:30 # local_time=2013-01-23 05:35:30 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 41026355 110590121 0 0 # compatibility_mode=9217 16777214 75 4 774878 774878 0 0 # scanned=1272 # found=0 # cleaned=0 # scan_time=168 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-01-23 06:55:24 # local_time=2013-01-23 07:55:24 (+0100, Mitteleuropäische Zeit) # country="Austria" 
# lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 41034749 110598515 0 0 # compatibility_mode=9217 16777214 75 4 783272 783272 0 0 # scanned=1283 # found=0 # cleaned=0 # scan_time=114 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-01-23 07:05:08 # local_time=2013-01-23 08:05:08 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 41035333 110599099 0 0 # compatibility_mode=9217 16777214 75 4 783856 783856 0 0 # scanned=1234 # found=0 # cleaned=0 # scan_time=102 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-02-01 01:08:38 # local_time=2013-02-01 02:08:38 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 41748343 111312109 0 0 # compatibility_mode=9217 16777214 75 4 1496866 1496866 0 0 # scanned=57966 # found=5 # cleaned=0 # scan_time=13750 C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application 0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 I C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi a variant of Win32/Bundled.Toolbar.Ask application 0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 I 
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll Win32/OpenCandy application 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B I C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll Win32/OpenCandy application 9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B I C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe Win32/OpenCandy application 88B04B4C0855E13DADE7089E8B83CA7B0DD877EF I ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13129 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-02-12 04:26:16 # local_time=2013-02-12 05:26:16 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 42710601 112274367 0 0 # compatibility_mode=9217 16777214 75 4 2462724 2462724 0 0 # scanned=7 # found=0 # cleaned=0 # scan_time=134 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13203 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-02-21 08:06:14 # local_time=2013-02-21 09:06:14 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 43501399 113065165 0 0 # compatibility_mode=9217 16777214 75 4 3253522 3253522 0 0 # scanned=1216 # found=0 # cleaned=0 # scan_time=205 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13303 # end=finished # remove_checked=false # 
archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-03-05 06:57:57 # local_time=2013-03-05 07:57:57 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 44577302 114141068 0 0 # compatibility_mode=9217 16777214 75 4 4329425 4329425 0 0 # scanned=53 # found=0 # cleaned=0 # scan_time=1 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13315 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-03-06 07:56:15 # local_time=2013-03-06 08:56:15 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 44667200 114230966 0 0 # compatibility_mode=9217 16777214 75 4 4419323 4419323 0 0 # scanned=1 # found=0 # cleaned=0 # scan_time=169 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13317 # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-03-06 08:40:21 # local_time=2013-03-06 09:40:21 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 44669846 114233612 0 0 # compatibility_mode=9217 16777214 75 4 4418369 4418369 0 0 # scanned=554 # found=1 # cleaned=1 # scan_time=1978 sh=88B04B4C0855E13DADE7089E8B83CA7B0DD877EF ft=1 fh=3a4873b03617e0f0 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe" # 
version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13477 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-03-25 10:55:39 # local_time=2013-03-25 11:55:39 (+0100, Mitteleuropäische Zeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 46276364 115840130 0 0 # compatibility_mode=9217 16777214 75 4 6024887 6024887 0 0 # scanned=570 # found=0 # cleaned=0 # scan_time=2061 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13537 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-04-03 11:00:54 # local_time=2013-04-03 01:00:54 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 47054279 116618045 0 0 # compatibility_mode=9217 16777214 75 4 6806402 6806402 0 0 # scanned=32879 # found=0 # cleaned=0 # scan_time=4916 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13635 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-04-17 09:36:06 # local_time=2013-04-17 11:36:06 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 48258792 117822558 0 0 # compatibility_mode=8217 16776701 100 100 1176871 116204317 0 0 # scanned=31608 # found=0 # cleaned=0 # scan_time=3713 # nod_component=V3 Build:0x30000000 # 
version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=193725aae21cdf45989578a008b7fd6f # engine=13659 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-04-20 05:54:25 # local_time=2013-04-20 07:54:25 (+0100, Mitteleuropäische Sommerzeit) # country="Austria" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 48547890 118111656 0 0 # compatibility_mode=8217 16776701 100 100 1465969 116493415 0 0 # scanned=128575 # found=5 # cleaned=0 # scan_time=16961 # nod_component=V3 Build:0x30000000 sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi" sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi" sh=9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B ft=1 fh=860943ecef569b88 vn="Win32/OpenCandy application" ac=I fn="C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll" sh=9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B ft=1 fh=860943ecef569b88 vn="Win32/OpenCandy application" ac=I fn="C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll" sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\Installer\1d604d.msi" |
21.04.2013, 18:26 | #10 |
/// Helper Team | Fix with OTL
Code:
:OTL
:Files
C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe
C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi
C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll
Update:
Update Java. Your Java is no longer current. Older versions contain security holes that malware can abuse.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards post (copy and paste) what you get shown here: http://tools.trojaner-board.de/plugincheck.html
Disable Java. Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards post me (copy and paste) what you get shown here: http://tools.trojaner-board.de/plugincheck.html |
23.04.2013, 09:48 | #11 |
| Code:
========== OTL ==========
========== FILES ==========
File\Folder C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe not found.
C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi moved successfully.
File\Folder C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi not found.
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll moved successfully.
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 04222013_220613 |
23.04.2013, 11:50 | #12 |
/// Helper Team | Plugincheck? |
24.04.2013, 02:45 | #13 |
| Sorry, I had overlooked that.
Firefox:
Firefox 20.0 is up to date
Flash 11,4,402,287 is outdated! Please update to the latest version! (updating it right now)
Java is not installed or not enabled.
Adobe Reader 11,0,2,0 is up to date.
Opera:
Opera 12.15 is up to date
<div id="sec-app"></div> <div class="sec"><ul><li><a class="sec-inf" href="#"></a><ul class="children">Please enable JavaScript to check your Flash version.</ul></li></ul></div>
With Opera I cannot (for my part) get it to display any other way.
Last edited by blackened (24.04.2013 at 02:51) |
24.04.2013, 13:39 | #14 |
/// Helper Team | Very good! With that you are clean and released!
Remove adwCleaner
Tool cleanup. The order is decisive here.
Reset the security zones. Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Empty System Restore. So that the computer cannot be re-infected from an infected system restore point, we have to empty it. To do so, we switch it off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Then enable it again.
Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do? |
24.04.2013, 20:48 | #15 |
| Many heartfelt thanks for all the help; at the beginning of the month I will send you a little something. |