![]() |
|
Log-Analyse und Auswertung: Firefox extrem langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() ![]() | ![]() Firefox extrem langsam Hi, ![]() Gruß Käse [CODE]GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-11-30 02:07:59 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Mama\LOKALE~1\Temp\ffrirpob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF674D3C0, 0x84E2FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1108] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL .text C:\Programme\Mozilla Firefox\firefox.exe[2752] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0162E210 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01DF22CD C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01DF22AA C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01632C10 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 01D0F425 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01DF222B C:\Programme\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device Fastfat.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys Device mrxsmb.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f3b86617 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f3b86617 (not active ControlSet) ---- EOF - GMER 2.1 ---- [/COTL Extras logfile created on: 30.11.2013 15:51:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,29 Mb Total Physical Memory | 197,56 Mb Available Physical Memory | 19,31% Memory free 2,40 Gb Paging File | 1,64 Gb Available in Paging File | 68,25% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,02 Gb Total Space | 38,56 Gb Free Space | 58,41% Space Free | Partition Type: FAT32 Drive D: | 43,88 Gb Total Space | 26,11 Gb Free Space | 59,50% Space Free | Partition Type: FAT32 Computer Name: BILLYRUBIN | User Name: Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- Reg Error: Value error. Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0067D0DA-6EE3-48A0-BBAF-0DB18C916EDF}" = Brother HL-2030 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}" = OpenOffice 4.0.1 "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}" = REALTEK PCIE NIC Driver "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45 "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45 "{2A8CF485-5A4D-4C7D-8ACF-4AB98914D529}" = Infineon TPM Professional Package "{3193DDB1-8F15-43DA-85D5-4796BF645914}" = Steuer-Software 2013 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3E2B714-EE85-44A7-80E9-BF0FF21E7F02}" = Kobold VR-Updater "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F19178B7-F232-4E97-8511-E4D37A339E9C}" = Steuer-Software 2012 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "7-Zip" = 7-Zip 9.20 "CAL" = Canon Camera Access Library "CameraWindowDC8" = Canon Utilities CameraWindow DC 8 "CameraWindowLauncher" = Canon Utilities CameraWindow Launcher "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CCleaner" = CCleaner "DivX Setup" = DivX-Setup "ie8" = Windows Internet Explorer 8 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile "Microsoft.Net.Client.3.5.LangPack.deu" = Microsoft .NET Framework Client Profile Language Pack - DEU "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox 25.0.1 (x86 de)" = Mozilla Firefox 25.0.1 (x86 de) "Mozilla Thunderbird 24.1.1 (x86 de)" = Mozilla Thunderbird 24.1.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyCamera" = Canon Utilities MyCamera "MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin "NVIDIA Drivers" = NVIDIA Drivers "OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5 "PDF4Free_is1" = PDF4Free 3.0 "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "ProInst" = Intel(R) PROSet/Wireless Software "SMSERIAL" = Motorola SM56 Speakerphone Modem "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam "VLC media player" = VLC media player 2.1.0 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4f943a49-36ba-46e8-a873-4da859ce4a92}" = snapdo "Audio Converter Packages" = Audio Converter Packages "DigitalSite" = Update for Audio Converter ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.11.2013 18:17:16 | Computer Name = BILLYRUBIN | Source = MSDTC Client | ID = 4427 Description = Fehler beim Initialisieren der benötigten Namensobjekte. Fehler: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 1484 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923 Error - 29.11.2013 18:17:16 | Computer Name = BILLYRUBIN | Source = COM+ | ID = 135763 Description = Transaktionen, die zur Unterstützung von Transaktionskomponenten erforderlich sind, konnten von der Laufzeitumgebung nicht initialisiert werden. Stellen Sie sicher, dass MS DTC ausgeführt wird.(DtcGetTransactionManagerEx(): hr = 0x8004d02 Error - 29.11.2013 18:17:16 | Computer Name = BILLYRUBIN | Source = MSDTC Client | ID = 4427 Description = Fehler beim Initialisieren der benötigten Namensobjekte. Fehler: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 1484 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923 Error - 29.11.2013 18:20:02 | Computer Name = BILLYRUBIN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 29.11.2013 18:26:14 | Computer Name = BILLYRUBIN | Source = IFXWlxEN | ID = 2687344 Description = Failed to create instance of IWlxEvent interface. Error - 29.11.2013 18:26:41 | Computer Name = BILLYRUBIN | Source = SecurityCenter | ID = 1802 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen. Error - 29.11.2013 18:27:02 | Computer Name = BILLYRUBIN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 29.11.2013 20:56:00 | Computer Name = BILLYRUBIN | Source = MPSampleSubmission | ID = 5000 Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. Error - 30.11.2013 10:27:00 | Computer Name = BILLYRUBIN | Source = IFXWlxEN | ID = 2687344 Description = Failed to create instance of IWlxEvent interface. Error - 30.11.2013 10:27:25 | Computer Name = BILLYRUBIN | Source = SecurityCenter | ID = 1802 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen. [ System Events ] Error - 28.11.2013 11:08:43 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C6A-72CB-47BB-99DD-2317551491DE} Error - 28.11.2013 19:28:19 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C66-72CB-47BB-99DD-2317551491DE} Error - 28.11.2013 21:40:00 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C6A-72CB-47BB-99DD-2317551491DE} Error - 28.11.2013 21:41:23 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C66-72CB-47BB-99DD-2317551491DE} Error - 29.11.2013 17:10:03 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C6A-72CB-47BB-99DD-2317551491DE} Error - 29.11.2013 17:11:28 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C66-72CB-47BB-99DD-2317551491DE} Error - 29.11.2013 18:24:53 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C6A-72CB-47BB-99DD-2317551491DE} Error - 29.11.2013 18:26:14 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C66-72CB-47BB-99DD-2317551491DE} Error - 29.11.2013 22:14:32 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C6A-72CB-47BB-99DD-2317551491DE} Error - 30.11.2013 10:27:00 | Computer Name = BILLYRUBIN | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "IFXSpMgtSrv" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {FBCD9C66-72CB-47BB-99DD-2317551491DE} < End of report > [CODE]OTL logfile created on: 30.11.2013 15:51:53 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,29 Mb Total Physical Memory | 197,56 Mb Available Physical Memory | 19,31% Memory free 2,40 Gb Paging File | 1,64 Gb Available in Paging File | 68,25% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 66,02 Gb Total Space | 38,56 Gb Free Space | 58,41% Space Free | Partition Type: FAT32 Drive D: | 43,88 Gb Total Space | 26,11 Gb Free Space | 59,50% Space Free | Partition Type: FAT32 Computer Name: BILLYRUBIN | User Name: Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - D:\Downloads\Defogger.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - c:\Programme\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG) ========== Modules (No Company Name) ========== MOD - D:\Downloads\Defogger.exe () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\av\BDSmartDB.dll () MOD - \\?\C:\Programme\Spybot - Search & Destroy 2\av\avxdisk.dll () MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (PersonalSecureDriveService) -- c:\Programme\Infineon\Security Platform Software\PSDsrvc.EXE (Infineon Technologies AG) SRV - (IDriverT) -- c:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys File not found DRV - (StarOpen) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (amdkmafd) -- C:\WINDOWS\system32\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\bzeek.sys (BzeekLand LTD.) DRV - (MxEFUF) -- C:\WINDOWS\system32\drivers\MxEFUF32.sys (Matrox Graphics Inc.) DRV - (NETwLx32) -- C:\WINDOWS\system32\drivers\NETwLx32.sys (Intel Corporation) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (s125mgmt) -- C:\WINDOWS\system32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\WINDOWS\system32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\WINDOWS\system32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\WINDOWS\system32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) -- C:\WINDOWS\system32\drivers\s125bus.sys (MCCI Corporation) DRV - (SynMini) -- C:\WINDOWS\system32\drivers\SynMini.sys () DRV - (SynScan) -- C:\WINDOWS\system32\drivers\SynScan.sys () DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (PersonalSecureDrive) -- C:\WINDOWS\system32\drivers\psd.sys (Infineon Technologies AG) DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG) DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C B3 17 06 FD 6B CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2013.11.22 19:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Extensions [2013.11.22 19:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\tehivg94.default\extensions [2013.11.27 23:16:32 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\tehivg94.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.11.22 19:45:30 | 000,915,554 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\tehivg94.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.11.22 19:48:26 | 000,714,654 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\tehivg94.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.11.28 00:19:32 | 000,534,885 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla\Firefox\Profiles\tehivg94.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.11.28 00:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.11.28 00:13:08 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.11.29 02:28:02 | 000,510,934 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 mediaplayer.browserupdater.org O1 - Hosts: 127.0.0.1 www.judgeporn.com O1 - Hosts: 127.0.0.1 www.realgfporn.com O1 - Hosts: 127.0.0.1 www.x3xtube.com O1 - Hosts: 127.0.0.1 08sr.combineads.info O1 - Hosts: 127.0.0.1 08srvr.combineads.info O1 - Hosts: 127.0.0.1 12srvr.combineads.info O1 - Hosts: 127.0.0.1 2010-fr.com O1 - Hosts: 127.0.0.1 2012-new.biz O1 - Hosts: 127.0.0.1 212link.com O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com O1 - Hosts: 127.0.0.1 24h00business.com O1 - Hosts: 127.0.0.1 a.daasafterdusk.com O1 - Hosts: 127.0.0.1 ad.adn360.com O1 - Hosts: 127.0.0.1 adeartss.eu O1 - Hosts: 127.0.0.1 adesoeasy.eu O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net O1 - Hosts: 127.0.0.1 adm.soft365.com O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com O1 - Hosts: 127.0.0.1 ads7.complexadveising.com O1 - Hosts: 127.0.0.1 ads.aff.co O1 - Hosts: 127.0.0.1 ads.alpha00001.com O1 - Hosts: 127.0.0.1 ads.cloud4ads.com O1 - Hosts: 127.0.0.1 ads.eorezo.com O1 - Hosts: 127.0.0.1 ads.hooqy.com O1 - Hosts: 17406 more lines... O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.45.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41CED0F9-0A35-44E1-AC1D-A2175492F8E6}: DhcpNameServer = 83.169.184.161 83.169.184.225 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\IfxWlxEN: DllName - (IfxWlxEN.dll) - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.09.03 17:30:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{2f7b4940-cb95-11e1-a442-0018de8e6662}\Shell - "" = AutoRun O33 - MountPoints2\{2f7b4940-cb95-11e1-a442-0018de8e6662}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2f7b4940-cb95-11e1-a442-0018de8e6662}\Shell\AutoRun\command - "" = F:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean.exe) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.11.30 02:55:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Mama\Recent [2013.11.30 02:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee [2013.11.30 02:50:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2013.11.30 02:50:42 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2013.11.29 21:53:57 | 000,000,000 | ---D | C] -- C:\FRST [2013.11.24 22:31:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.11.24 22:31:33 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.11.24 22:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.11.24 22:30:30 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.11.24 19:22:11 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Keyboard Layout Creator 1.4 [2013.11.24 00:24:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\WinPatrol [2013.11.24 00:23:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPatrol [2013.11.24 00:23:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate [2013.11.24 00:23:47 | 000,000,000 | ---D | C] -- C:\Programme\BillP Studios [2013.11.22 23:50:56 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2013.11.22 19:39:51 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.11.22 19:39:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2013.11.22 19:39:14 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.11.22 02:34:40 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe [2013.11.22 02:34:39 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll [2013.11.22 02:34:39 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll [2013.11.22 02:34:39 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll [2013.11.22 02:34:39 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll [2013.11.22 02:34:39 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe [2013.11.22 02:34:39 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe [2013.11.22 02:34:38 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll [2013.11.22 02:34:38 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll [2013.11.22 02:34:38 | 000,781,397 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll [2013.11.22 02:34:38 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll [2013.11.22 02:34:38 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll [2013.11.22 02:34:38 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe [2013.11.22 02:34:38 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe [2013.11.22 02:34:38 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll [2013.11.22 02:34:37 | 001,042,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll [2013.11.22 02:34:37 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll [2013.11.22 02:34:37 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll [2013.11.22 02:34:37 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll [2013.11.22 02:34:37 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll [2013.11.22 02:34:37 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll [2013.11.22 02:34:37 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll [2013.11.22 02:34:37 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll [2013.11.22 02:34:36 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe [2013.11.22 02:34:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe [2013.11.22 02:34:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe [2013.11.22 02:34:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2013.11.22 02:34:23 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe [2013.11.22 02:34:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll [2013.11.22 02:34:22 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll [2013.11.22 02:34:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll [2013.11.22 02:34:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll [2013.11.22 02:34:22 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll [2013.11.22 02:34:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll [2013.11.22 02:34:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll [2013.11.22 02:34:22 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll [2013.11.22 02:34:21 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe [2013.11.22 02:34:21 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe [2013.11.22 02:34:14 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll [2013.11.22 02:34:14 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll [2013.11.22 02:34:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe [2013.11.22 02:34:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe [2013.11.22 02:34:13 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe [2013.11.22 02:34:13 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe [2013.11.22 02:34:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe [2013.11.22 02:34:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe [2013.11.22 02:34:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe [2013.11.22 02:34:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe [2013.11.22 02:34:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe [2013.11.22 02:34:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe [2013.11.22 02:34:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe [2013.11.22 02:34:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe [2013.11.21 15:43:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\Mozilla [2013.11.21 02:52:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Secunia PSI [2013.11.19 23:41:15 | 000,000,000 | ---D | C] -- C:\Programme\msn gaming zone [2013.11.19 18:10:01 | 021,896,408 | ---- | C] (Microsoft Corporation) -- C:\Programme\Windows-KB890830-V5.6.exe [2013.11.19 00:30:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) [2013.11.19 00:18:03 | 000,047,064 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.11.17 23:56:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Google [2013.11.17 23:51:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.11.17 23:51:44 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.11.17 23:51:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.11.17 01:34:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2013.11.17 01:34:38 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2013.11.16 02:05:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Sun [2013.11.16 01:46:57 | 000,000,000 | ---D | C] -- C:\Programme\Uninstaller [2013.11.12 22:39:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.11.09 12:55:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Thunderbird [2013.11.08 23:20:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Identities [2013.11.08 22:57:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Temp [2013.11.08 22:57:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Adobe [2013.11.08 22:41:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mama\Lokale Einstellungen\Anwendungsdaten\Mozilla [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.11.30 15:46:12 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Mama\defogger_reenable [2013.11.30 15:36:54 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2013.11.30 15:27:18 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.11.30 15:26:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.11.30 03:14:42 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2013.11.30 02:52:04 | 000,001,618 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.11.29 23:15:48 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013.11.28 01:32:28 | 000,000,558 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.11.27 23:12:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.11.27 00:31:22 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.11.26 23:54:42 | 000,013,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Mama\Desktop\rede.odt [2013.11.25 23:16:46 | 000,029,133 | ---- | M] () -- C:\Dokumente und Einstellungen\Mama\Desktop\floskeln.odt [2013.11.24 22:32:18 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.11.22 22:02:18 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.11.22 02:34:52 | 000,520,176 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.11.22 02:34:52 | 000,475,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.11.22 02:34:52 | 000,102,720 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.11.22 02:34:52 | 000,077,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.11.21 01:23:36 | 000,047,064 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.11.19 18:10:18 | 021,896,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows-KB890830-V5.6.exe [2013.11.19 11:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2013.11.08 23:02:00 | 000,002,670 | ---- | M] () -- D:\cc_20131108_230139.reg [2013.11.08 23:01:06 | 000,519,678 | ---- | M] () -- C:\WINDOWS\System32\prfh0407.dat [2013.11.08 23:01:06 | 000,102,426 | ---- | M] () -- C:\WINDOWS\System32\prfc0407.dat [2013.11.08 22:12:54 | 083,705,178 | ---- | M] () -- D:\backup.reg [2013.11.05 00:21:12 | 000,027,426 | ---- | M] () -- D:\ausgeschnitten.odt [2013.11.04 00:22:46 | 000,012,140 | ---- | M] () -- D:\Raum.odt [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.11.30 15:46:11 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\defogger_reenable [2013.11.30 02:52:03 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk [2013.11.30 02:52:03 | 000,001,618 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk [2013.11.25 23:16:42 | 000,029,133 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\Desktop\floskeln.odt [2013.11.24 22:32:17 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.11.24 22:32:16 | 000,000,636 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.11.24 22:32:16 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.11.24 22:31:54 | 000,001,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.11.24 00:56:36 | 000,013,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\Desktop\rede.odt [2013.11.22 22:12:25 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2013.11.22 19:39:52 | 000,000,606 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.11.22 02:34:15 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp [2013.11.22 02:34:15 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp [2013.11.22 02:34:15 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp [2013.11.22 02:34:15 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp [2013.11.22 02:34:15 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp [2013.11.22 02:34:15 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2013.11.22 02:34:15 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp [2013.11.22 02:34:15 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp [2013.11.22 02:34:15 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp [2013.11.22 02:34:15 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp [2013.11.22 02:34:15 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp [2013.11.17 01:34:47 | 000,000,558 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.11.08 23:01:55 | 000,002,670 | ---- | C] () -- D:\cc_20131108_230139.reg [2013.11.08 22:56:52 | 000,519,678 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat [2013.11.08 22:56:51 | 000,102,426 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat [2013.11.08 22:11:55 | 083,705,178 | ---- | C] () -- D:\backup.reg [2013.11.05 00:21:10 | 000,027,426 | ---- | C] () -- D:\ausgeschnitten.odt [2013.11.04 00:22:44 | 000,012,140 | ---- | C] () -- D:\Raum.odt [2013.11.02 02:17:23 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.10.20 00:08:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013.10.14 00:10:48 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2013.10.06 23:34:05 | 000,000,006 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\WBPU-TTL.DAT [2013.10.06 23:34:04 | 000,000,096 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\WB.CFG [2013.10.06 00:10:09 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2013.07.09 00:54:15 | 000,002,494 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2013.03.13 01:23:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat [2012.11.06 00:55:58 | 000,017,136 | ---- | C] () -- C:\WINDOWS\System32\sasnative32.exe [2012.10.03 23:45:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\jmejcbwv.dat [2012.09.21 00:59:56 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2012.08.08 16:12:54 | 000,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2012.08.08 16:12:54 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2012.08.08 16:12:54 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2012.08.08 16:12:45 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2012.08.08 16:12:45 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2012.08.08 16:12:45 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2012.08.08 16:12:44 | 000,008,975 | ---- | C] () -- C:\WINDOWS\HL-2030.INI [2012.08.08 13:25:06 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\lpd2 [2012.07.31 11:55:45 | 000,000,075 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\verkleinerer.set [2012.07.11 22:22:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2012.02.16 16:18:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.06 23:44:06 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\ltp2 [2011.09.02 00:13:49 | 000,000,018 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\sys386ll.dat [2011.09.02 00:02:58 | 000,000,010 | ---- | C] () -- C:\Dokumente und Einstellungen\Mama\Anwendungsdaten\hhxprot5 ========== ZeroAccess Check ========== [2013.09.18 00:20:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.08.30 22:28:08 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > [/CGMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-11-30 02:07:59 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC70P 111,79GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Mama\LOKALE~1\Temp\ffrirpob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF674D3C0, 0x84E2FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1108] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL .text C:\Programme\Mozilla Firefox\firefox.exe[2752] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0162E210 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01DF22CD C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01DF22AA C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01632C10 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 01D0F425 C:\Programme\Mozilla Firefox\xul.dll .text C:\Programme\Mozilla Firefox\firefox.exe[2752] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01DF222B C:\Programme\Mozilla Firefox\xul.dll ---- Devices - GMER 2.1 ---- Device Fastfat.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys Device mrxsmb.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f3b86617 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f3b86617 (not active ControlSet) ---- EOF - GMER 2.1 ---- ODE]ODE] |