
Pests of all kinds and how to combat them: System Care Antivirus on Vista


30.04.2013, 17:20   #1
Kasparella
 
System Care Antivirus on Vista



Hello,

Yesterday, on 29.04.2013, I picked up the Trojan "System Care Antivirus" on my Vista laptop. I could not open any .exe files, and the Trojan told me that my entire laptop was infested with viruses and that I should buy the program.
Today I ran a scan with "Malwarebytes Anti-Malware" in Safe Mode, which found five objects. I removed them, but I am not sure whether it really helped.
At least I can start the laptop in normal mode and use everything as usual again; the Trojan is no longer visible. Afterwards I ran another scan; those five objects were not found again, though.
I will attach the three logs.
Later I followed the forum's steps.
I hope you can help me.

Many thanks in advance,

Nadine

Here are the Malwarebytes logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 10:47:00
mbam-log-2013-04-30 (10-47-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201120
Laufzeit: 7 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F00ADA6E5B9533650000F009EA69382C (Trojan.FakeAlert) -> Daten: C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Local\Temp\~tmp2732041668837607612.exe (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 10:47:00
MBAM-log-2013-04-30 (11-01-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201120
Laufzeit: 7 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F00ADA6E5B9533650000F009EA69382C (Trojan.FakeAlert) -> Daten: C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Users\Nadine\AppData\Local\Temp\~tmp2732041668837607612.exe (Trojan.Agent.NR) -> Keine Aktion durchgeführt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 11:23:20
mbam-log-2013-04-30 (11-23-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201183
Laufzeit: 7 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Here is the OTL log:

Code:
OTL logfile created on: 30.04.2013 13:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,70% Memory free
4,20 Gb Paging File | 3,19 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 50,77 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.30 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
PRC - [2013.03.30 19:27:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 19:25:57 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.30 19:25:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 19:25:41 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.22 18:29:39 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.08.22 18:16:19 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.30 08:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.12.05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.05.07 18:28:48 | 000,057,451 | ---- | M] () -- C:\Programme\ICQLite\ICQLiteShell.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.03 15:58:42 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.30 19:27:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 19:25:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.30 08:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.12.03 09:51:15 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.30 19:27:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.30 19:27:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.30 19:27:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.25 14:12:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.04 14:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2011.08.10 15:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.26 06:45:00 | 000,067,072 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPR3322K.sys -- (SPR3322K)
DRV - [2007.10.24 00:03:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.26 14:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.05.01 13:16:22 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Ebus.sys -- (SE2Ebus)
DRV - [2005.07.11 19:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2013.01.16
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: noiatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "190.0.58.58"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.10 15:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
 
[2010.02.19 19:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.19 22:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\e927lpq3.default\extensions
[2012.08.26 16:35:11 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.26 16:35:09 | 000,084,548 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.26 16:35:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 16:35:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.08.26 16:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 20:49:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.30 20:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.10 15:09:25 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.28 19:52:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 19:52:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06ccd367-ef84-11dc-a840-001060d11aa2}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{06ccd367-ef84-11dc-a840-001060d11aa2}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{5ff9e8be-4ed0-11df-bf34-0040d0e4dd92}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff9e8be-4ed0-11df-bf34-0040d0e4dd92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{87f346d3-1a56-11df-bad1-0040d0e4dd92}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{a823fb8f-296c-11e0-9680-0040d0e4dd92}\Shell - "" = AutoRun
O33 - MountPoints2\{a823fb8f-296c-11e0-9680-0040d0e4dd92}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{eef0b596-8ec4-11dd-803a-001060d11aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{eef0b596-8ec4-11dd-803a-001060d11aa2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 13:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
[2013.04.30 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 10:45:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.30 10:44:41 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\mbam-setup-1.75.0.1300.exe
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Citavi 3
[2013.04.10 15:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.04.03 15:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.31 23:24:31 | 005,076,855 | ---- | C] (XMedia Recode                                               ) -- C:\Users\Nadine\XMediaRecode3141_setup.exe
[2012.11.23 23:14:10 | 024,842,968 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeToMP3Converter.exe
[2012.10.23 00:32:02 | 000,853,513 | ---- | C] (e-merge GmbH) -- C:\Users\Nadine\mrsetup.exe
[2012.10.20 15:26:01 | 021,415,874 | ---- | C] (Audacity Team                                               ) -- C:\Users\Nadine\audacity-win-2.0.2.exe
[2012.10.20 15:25:06 | 005,152,896 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Nadine\cdbxp_setup_4.4.2.3442_minimal.exe
[2012.08.31 14:19:03 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Nadine\jxpiinstall.exe
[2012.08.27 16:39:37 | 023,652,248 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeDownload.exe
[2012.08.26 16:30:34 | 016,660,184 | ---- | C] (Mozilla) -- C:\Users\Nadine\Firefox_Setup_14.0.1.exe
[2012.07.21 21:46:32 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\Nadine\pdfsam-win-v2_2_1.exe
[2012.01.14 19:16:24 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Users\Nadine\QuickTimeInstaller.exe
[2011.10.04 19:13:52 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Nadine\SkypeSetup.exe
[2011.08.02 19:46:49 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadine\dotnetfx35setup.exe
[2011.03.21 23:12:32 | 002,406,717 | ---- | C] (Andreas Jellinghaus                                         ) -- C:\Users\Nadine\scb-0.10.exe
[2011.03.21 22:59:57 | 002,016,013 | ---- | C] (OpenSC Project                                              ) -- C:\Users\Nadine\OpenSC-0.12.0.win32.exe
[2010.04.18 20:28:09 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Users\Nadine\GoogleEarthSetup.exe
[2010.04.09 19:28:52 | 023,341,560 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Users\Nadine\avc-free.exe
[2010.04.09 19:01:08 | 022,889,183 | ---- | C] (Shark007) -- C:\Users\Nadine\VistaCodecs_v567.exe
[2010.01.03 18:38:44 | 008,839,520 | ---- | C] (Mozilla) -- C:\Users\Nadine\Thunderbird_Setup_3.0.exe
[2010.01.03 16:01:32 | 005,865,064 | ---- | C] (SweetIM Technologies Lt) -- C:\Users\Nadine\SweetImSetup.exe
[2009.12.02 21:45:33 | 004,274,696 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Nadine\Shockwave_Installer_Slim.exe
[2009.10.22 13:10:07 | 001,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Nadine\ccsetup224_slim.exe
[2009.06.09 16:59:32 | 001,012,704 | ---- | C] (Noteworthy Software, Inc.) -- C:\Users\Nadine\setup_nwc2_demo.exe
[2009.06.06 17:27:46 | 005,566,192 | ---- | C] (labDV                                                       ) -- C:\Users\Nadine\DVDx_2_20_setup.exe
[2008.07.15 17:53:07 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Nadine\spybotsd160.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
[2013.04.30 13:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:07:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.30 13:06:31 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 12:43:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 12:43:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 11:48:31 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.30 11:48:31 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 11:48:31 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.30 11:48:31 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.30 11:44:42 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2013.04.30 11:43:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.30 11:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 11:26:33 | 000,229,888 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.30 11:16:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 11:13:10 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.30 11:10:24 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2013.04.30 10:45:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 10:44:41 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\mbam-setup-1.75.0.1300.exe
[2013.04.30 10:22:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.30 09:59:05 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2013.04.29 23:57:48 | 000,020,549 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.29 23:57:48 | 000,000,096 | -H-- | M] () -- C:\Users\Nadine\Desktop\.~lock.Recherche.odt#
[2013.04.29 19:05:34 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
[2013.04.18 17:17:54 | 000,019,248 | ---- | M] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:27:16 | 073,427,800 | ---- | M] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.30 13:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:30 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.30 11:16:37 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 10:45:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 22:51:02 | 000,000,096 | -H-- | C] () -- C:\Users\Nadine\Desktop\.~lock.Recherche.odt#
[2013.04.29 22:51:00 | 000,020,549 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.15 21:16:21 | 000,019,248 | ---- | C] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:22:44 | 073,427,800 | ---- | C] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.02.25 13:51:33 | 002,086,240 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus.exe
[2013.02.01 16:33:06 | 447,479,568 | ---- | C] () -- C:\Users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
[2013.01.31 23:12:19 | 051,126,784 | ---- | C] () -- C:\Users\Nadine\wz170-32gev.msi
[2013.01.28 01:01:55 | 000,527,423 | ---- | C] (                                                            ) -- C:\Users\Nadine\Lame_v3.99.3_for_Windows.exe
[2013.01.28 01:01:01 | 000,251,234 | ---- | C] () -- C:\Users\Nadine\Lame_Library_v3.98.2_for_Audacity_on_OSX.dmg
[2012.10.31 22:49:14 | 001,280,956 | ---- | C] () -- C:\Users\Nadine\happy_install.exe
[2012.10.23 00:53:40 | 000,000,910 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2012.10.01 19:06:55 | 152,249,762 | ---- | C] () -- C:\Users\Nadine\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2012.08.23 20:50:28 | 000,025,165 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
[2012.08.06 17:55:18 | 022,617,148 | ---- | C] () -- C:\Users\Nadine\vlc-2.0.3-win32.exe
[2012.04.04 14:07:42 | 168,166,968 | ---- | C] () -- C:\Users\Nadine\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2012.01.29 21:53:14 | 087,262,320 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus_de.exe
[2010.10.18 11:56:12 | 000,611,613 | ---- | C] () -- C:\Users\Nadine\SecureW2_Personal_Client_206_UniGi_20091021.exe
[2010.07.15 18:50:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.12 12:25:19 | 020,483,048 | ---- | C] () -- C:\Users\Nadine\Sun_ODF_Template_Pack2_de.oxt
[2010.04.05 19:23:51 | 000,000,322 | ---- | C] () -- C:\Users\Nadine\mp4toavi.ini
[2010.02.24 21:14:09 | 003,421,451 | ---- | C] () -- C:\Users\Nadine\odf-converter-integrator-0.2.3-installer.exe
[2009.12.31 17:48:16 | 000,001,024 | ---- | C] () -- C:\Users\Nadine\.rnd
[2009.12.30 18:32:26 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.11.26 20:20:01 | 000,899,414 | ---- | C] () -- C:\Users\Nadine\SetupDVDDecrypter_3.5.4.0.exe
[2009.08.24 00:13:01 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2009.08.24 00:13:00 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.11.10 22:14:46 | 000,204,073 | ---- | C] () -- C:\Users\Nadine\DataRecovery_EN.zip
[2008.11.10 22:08:05 | 025,093,328 | ---- | C] () -- C:\Users\Nadine\antivir_workstation8.1.0.331_winu_de_h.exe
[2008.03.12 21:41:48 | 000,000,214 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\default.pls
[2008.02.18 20:57:52 | 050,712,703 | ---- | C] () -- C:\Users\Nadine\23000 Guitar Pro Tabs - My Songbook.zip
[2008.02.02 18:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\sversion.ini
[2008.01.21 19:01:05 | 000,002,188 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\wklnhst.dat
[2008.01.21 18:56:41 | 000,000,094 | ---- | C] () -- C:\Users\Nadine\AppData\Local\fusioncache.dat
[2008.01.21 18:56:30 | 000,000,375 | ---- | C] () -- C:\Users\Nadine\Pictures.lnk
[2008.01.21 18:20:35 | 000,229,888 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.22 18:32:00 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.22 18:21:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.09 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\AnvSoft
[2013.01.28 01:08:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Audacity
[2009.01.28 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Buhl Data Service GmbH
[2010.02.01 23:55:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Canneverbe Limited
[2011.03.21 22:25:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cherry
[2013.03.25 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft
[2013.02.04 21:24:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.06.09 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\gtopala
[2009.06.09 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Noteworthy Software
[2012.04.04 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2012.08.23 20:50:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
[2013.03.18 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PhotoScape
[2008.01.21 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Sonavis
[2008.05.10 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\STOIK
[2013.04.10 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2011.11.24 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Template
[2010.01.03 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Thunderbird
[2009.11.18 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
[2008.01.21 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Ulead Systems
[2010.04.09 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\VistaCodecs
[2013.03.18 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\XMedia Recode
[2012.02.07 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Yhaty
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Here is the Extras log:

Code:
OTL Extras logfile created on: 30.04.2013 13:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,70% Memory free
4,20 Gb Paging File | 3,19 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 50,77 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{13CE01A1-06DC-4057-8480-55827776D201}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{13E7AD4A-BFCC-4F5A-9805-68AD0A50464B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{14B890A1-568D-4578-A397-5C9612D6F462}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{37978879-6125-4E63-8B03-F8D040113224}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{56A9574E-04FD-45B0-9143-B8BFE444BB55}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{585CD4CE-3FBC-4E9B-A6F0-5AED0A00839C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{7A9C420A-5843-4B0B-86BC-FCAA72D45926}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{7CC2E197-F165-494F-9F4D-3A5497F7B771}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{817013FA-6AF2-47E5-97A9-192FF93F7FF6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8AB7485E-E78D-4787-A74F-640334414280}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{B3718080-BEFE-4FE9-9020-17B02925988F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B40D036E-98DD-403D-A5C9-BA31E9F1BCEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BBD0401B-946E-4704-A8E3-A82FEF38555F}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CA989E53-5EA9-4CCC-9D38-7B1FE65FC99B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{CAFD479B-74C0-4F4F-AB8E-659B9FEF1E85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB071F6F-68B1-45A8-ACFC-E542185945BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CEA632DA-2AFC-4A93-B177-220F442C250E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF8765A7-4B47-4E92-BBD5-8DD8E638B354}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{D3A76EA0-9F2F-4404-BD0D-C7FE6DD603D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA09ED9E-2720-484C-BEE3-D1598D474D92}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{E074B0F7-55BC-496C-97CE-A6642CE69F4F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{EDC2CF85-9297-400A-A14C-3F01B707AC52}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{EEAC32AE-AB2F-405E-A0FD-9C07F26F4B23}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{42ED0569-52A9-4C83-9F46-5A87A4178A3B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{6004CAD2-CA80-4472-A299-257A839E0CFB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DDA6119A-8D32-4FFD-AE7B-D371EA5BDDF1}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{E9B3E9B3-F93E-4AA9-8D37-B753C213FEF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F31FF8CE-1450-4E7B-928D-17C0BFCEFDF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{215217C5-F36B-450B-90EE-029EB0F1C288}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{23C74E52-250B-4321-BE6C-2CB2610CFAA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{60E1E0F2-C338-4E25-85EF-676268DE0927}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{88A6293D-9F63-45BD-A8C1-0B5907290196}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{C8B45BC7-6B77-4B5B-B1E0-CDF0E1BF32AA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8751236B-9BF4-4EA6-B599-6FB9F3A74927}" = Sven Bomwollen
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BDD73EB0-0485-4B79-93EC-CF2EAEFF3BAB}_is1" = OpenSC
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANNO1602" = Anno 1602
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mad Robots 2004" = Mad Robots 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn Winter-Edition" = Moorhuhn Winter-Edition
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"odf-converter-integrator" = odf-converter-integrator
"pdfsam" = pdfsam
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Revo Uninstaller" = Revo Uninstaller 1.94
"SecureW2 Personal Client - Distribution Edition" = SecureW2 Personal Client - Distribution Edition 2.0.6 for Windows
"Shockwave" = Shockwave
"Smart card bundle_is1" = Smart card bundle 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.73
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2012 18:25:02 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.1.0.137, Zeitstempel
 0x46444e37, fehlerhaftes Modul ADMPlugin.apl, Version 3.16.128.32, Zeitstempel 
0x464415c4, Ausnahmecode 0x40000015, Fehleroffset 0x000aa341,  Prozess-ID 0x9f0, Anwendungsstartzeit
 01cce12f91ea6d50.
 
Error - 01.02.2012 18:53:57 | Computer Name = MeinPC | Source = VSS | ID = 8194
Description = 
 
Error - 01.02.2012 18:58:59 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:29 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:33 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.02.2012 19:45:00 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6000.6344, Zeitstempel
 0x46e5f12e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x3b8, Anwendungsstartzeit
 01cce783fc782c18.
 
[ OSession Events ]
Error - 21.10.2009 15:10:20 | Computer Name = MeinPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.04.2013 07:26:28 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:29 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:30 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:31 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:32 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:33 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:34 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:35 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:36 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:38 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
Here is the GMER log:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-30 17:41:09
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\pfrdypog.sys


---- System - GMER 2.1 ----

SSDT                                                                                                                                  88EA275C                                                                                                                            ZwClose
SSDT                                                                                                                                  88EA2766                                                                                                                            ZwCreateSection
SSDT                                                                                                                                  88EA2757                                                                                                                            ZwDuplicateObject
SSDT                                                                                                                                  88EA26F8                                                                                                                            ZwOpenProcess
SSDT                                                                                                                                  88EA26FD                                                                                                                            ZwOpenThread
SSDT                                                                                                                                  88EA2770                                                                                                                            ZwRequestWaitReplyPort
SSDT                                                                                                                                  88EA276B                                                                                                                            ZwSetContextThread
SSDT                                                                                                                                  88EA2775                                                                                                                            ZwSetSecurityObject
SSDT                                                                                                                                  88EA277A                                                                                                                            ZwSystemDebugControl
SSDT                                                                                                                                  88EA2707                                                                                                                            ZwTerminateProcess
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe                                                                                                   ZwCreateKey [0x82800FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82800FEC]                                                                       ZwCreateKey [0x82800FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe                                                                                                   ZwOpenKey [0x82800FF1]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82800FF1]                                                                       ZwOpenKey [0x82800FF1]

INT 0x03                                                                                                                              \SystemRoot\system32\ntkrnlpa.exe[unknown section]                                                                                  82800FFB

---- Kernel code sections - GMER 2.1 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwCallbackReturn + 4AD                                                                                                 828809B9 3 Bytes  JMP A3FAD988 
?                                                                                                                                     System32\drivers\pxkmcr.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text                                                                                                                                 C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                            section is writeable [0x8C0B9360, 0x35BDD2, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           section is writeable [0x9B1A5000, 0x49C57, 0xE0000020]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           entry point in ".init" section [0x9B1FC224]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           unknown last code section [0x9B1FC000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                            section is writeable [0x9B114400, 0x6EED8, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B19F020]  C:\Windows\system32\drivers\hardlock.sys                                                                                            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B19F020]
.protectÿÿÿÿhardlockunknown last code section [0x9B19EE00, 0x50BA, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                            unknown last code section [0x9B19EE00, 0x50BA, 0xE0000020]

---- Devices - GMER 2.1 ----

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                                                             Wdf01000.sys
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys

---- Processes - GMER 2.1 ----

Process                                                                                                                                (*** hidden *** )                                                                                                                  [4] 84455AB0                                                                                                      

---- Registry - GMER 2.1 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d152bb                                                         
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d152bb (not active ControlSet)                                     
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                             0x90 0x08 0x94 0xD9 ...
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{32DFCCAF-CDCB-B9EB-E809-967FEFB798B1}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{6756F499-59D5-5623-651F-331EF2AC1E01}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{6E5D5855-768C-98D6-7036-0F03FEFA6D94}\ProgID@                                                          Aholdolo.Hochac.1????????????????????????????????
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{80B8CFCB-9C93-2457-1059-13CD273BE9DF}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!d!d!\22!`!y!m!\24!t!t!\24!{!`!s!\30!                         19583823
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{FDC6E85F-8348-AA8A-2D83-274CA2AF3ABB}\Server                                                           
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}                     
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}@iaacicllifikmaobbc  0x6B 0x61 0x6F 0x69 ...
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}@hakeofpfgeapngfj    0x6B 0x61 0x6F 0x69 ...

---- EOF - GMER 2.1 ----
         
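Added example, not part of the original post and not code from GMER or Trojaner-Board: a small Python triage helper that reads GMER output of the kind pasted above, splits each finding into its three columns and applies the heuristics a log reviewer would otherwise apply by hand. The rules are my own assumptions about what merits a closer look, not GMER's verdicts: a hidden process and registry data with non-printable or padded characters or random-looking value names are rated "high"; SSDT entries that resolve to a raw address instead of a kernel module, a driver whose file is missing on disk, and a CLSID `Server` subkey with no readable data are rated "verify", because SSDT hooks on 32-bit Windows are routinely installed by antivirus products (an Avira install appears in the program list above) and must be attributed before being treated as malicious. The sample input is a constructed excerpt of the post's GMER log with the column padding collapsed to two spaces.

```python
"""Triage helper for GMER rootkit-scan output (added example; heuristics are
the author's own assumptions, not GMER's classification)."""

import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the GMER log in the post above, with
# the column padding collapsed to two spaces so the sample fits on screen.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT  88EA275C  ZwClose
SSDT  88EA2707  ZwTerminateProcess
SSDT  \SystemRoot\system32\ntkrnlpa.exe  ZwCreateKey [0x82800FEC]

---- Kernel code sections - GMER 2.1 ----

?  System32\drivers\pxkmcr.sys  Das System kann den angegebenen Pfad nicht finden. !
.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys  section is writeable [0x8C0B9360, 0x35BDD2, 0xE8000020]

---- Processes - GMER 2.1 ----

Process  (*** hidden *** )  [4] 84455AB0

---- Registry - GMER 2.1 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d152bb
Reg  HKLM\SOFTWARE\Classes\CLSID\{32DFCCAF-CDCB-B9EB-E809-967FEFB798B1}\Server
Reg  HKLM\SOFTWARE\Classes\CLSID\{6E5D5855-768C-98D6-7036-0F03FEFA6D94}\ProgID@  Aholdolo.Hochac.1????????????????
Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}@iaacicllifikmaobbc  0x6B 0x61 0x6F 0x69 ...

---- EOF - GMER 2.1 ----
"""


@dataclass
class Finding:
    severity: str  # "high" = treat as an indicator, "verify" = attribute by hand first
    reason: str
    line: str


# GMER prints a bare 8-digit hex address when it cannot map an SSDT entry to a module.
HEX_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
# Value name of 12 or more lowercase letters with no digits, dots or separators.
RANDOM_NAME = re.compile(r"@[a-z]{12,}$")
# Anything outside printable ASCII, or a run of '?' that GMER emits for unprintable bytes.
GARBLED = re.compile(r"[^\x20-\x7E]|\?{4,}")


def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one GMER line; None means nothing noteworthy."""
    # GMER separates its columns with runs of spaces; values contain single spaces.
    parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
    if len(parts) < 2:
        return None  # section headers, blank lines
    kind, target = parts[0], parts[1]
    detail = parts[2] if len(parts) > 2 else ""

    if kind == "Process" and "hidden" in target:
        return Finding("high", "hidden process", line)
    if kind == "SSDT" and HEX_ADDR.match(target):
        return Finding("verify", "SSDT hook to unattributed address (a security product may own it)", line)
    if kind == "?" and ("nicht finden" in detail or "cannot find" in detail):
        return Finding("verify", "driver referenced but file missing on disk", line)
    if kind == "Reg":
        if GARBLED.search(target) or GARBLED.search(detail):
            return Finding("high", "registry data with non-printable or padded characters", line)
        if RANDOM_NAME.search(target):
            return Finding("high", "random-looking value name under a registry key", line)
        if "\\Classes\\CLSID\\" in target and target.endswith("\\Server") and not detail:
            return Finding("verify", "CLSID Server subkey with no readable data", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole GMER log and keep the hits, in log order."""
    hits = []
    for line in log_text.splitlines():
        finding = triage_line(line)
        if finding is not None:
            hits.append(finding)
    return hits


def count_by_severity(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line.strip()}")
```

Run it against a full GMER log by reading the file into `triage()`; the Bluetooth link-key entries under `BTHPORT\Parameters\Keys` pass through unflagged, which is the intended behaviour, since GMER lists them on most machines with a paired device. Anything rated "verify" still needs the driver or hooking module identified (file hash, signer, vendor) before it is cleaned or dismissed.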