Trojaner-Board


blackened 03.04.2013 20:44

Facebook malicious link hkmnf.promotii-rca.ro
 
Hello,

While browsing Facebook I unfortunately switched off my brain and blindly clicked on a supposed video that a friend had allegedly posted:

(dots replaced by asterisks)
hkmnf*promotii-rca*ro/hewabela*php?fb_action_ids=528079687235788&fb_action_types=og*likes&fb_source=other_multiline&action_object_map=%7B%22528079687235788%22%3A17824831566 5819%7D&action_type_map=%7B%22528079687235788%22%3A%22og*likes%22%7D&action_ref_map=%5B%5D

I use Opera 11.51 1087 for Facebook, and it immediately opened a new tab, which I closed right away.
I didn't give it any thought until today, but then a friend who never posts videos posted the same thing, and shortly afterwards a commenter said there was a virus behind the link.

Here are the logs from OTL and gmer

OTL.txt
Code:

OTL logfile created on: 03.04.2013 17:38:50 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\hmmm\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,42 Mb Total Physical Memory | 268,32 Mb Available Physical Memory | 26,48% Memory free
1,99 Gb Paging File | 0,78 Gb Available in Paging File | 39,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,69 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS
 
Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.03 14:02:58 | 000,712,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.147.889.0.exe
PRC - [2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe
PRC - [2013.04.02 12:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MpCmdRun.exe
PRC - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.01.02 14:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.11.22 16:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.06.07 14:24:48 | 000,289,952 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AthBtTray.exe
PRC - [2010.06.07 14:24:34 | 000,470,176 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\BtvStack.exe
PRC - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe
PRC - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Programme\Atheros\Ath_CoexAgent.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.09.27 14:50:49 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
MOD - [2010.10.25 10:05:52 | 000,795,648 | ---- | M] () -- C:\Programme\Control Center\CCenter.exe
MOD - [2008.07.03 15:44:50 | 000,135,168 | ---- | M] () -- C:\Programme\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2008.07.03 15:44:18 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\SMSPlugin.dll
MOD - [2008.07.03 15:43:26 | 000,032,768 | ---- | M] () -- C:\Programme\Mobile Partner\NotifyServicePlugin.dll
MOD - [2008.07.03 15:41:26 | 000,057,344 | ---- | M] () -- C:\Programme\Mobile Partner\ConfigFilePlugin.dll
MOD - [2008.07.03 15:40:20 | 000,098,304 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2008.07.03 15:38:32 | 000,114,688 | ---- | M] () -- C:\Programme\Mobile Partner\NetInfoPlugin.dll
MOD - [2008.07.03 15:36:32 | 000,086,016 | ---- | M] () -- C:\Programme\Mobile Partner\DialUpPlugin.dll
MOD - [2008.07.03 15:35:40 | 000,155,648 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2008.05.23 16:19:36 | 000,061,440 | ---- | M] () -- C:\Programme\Mobile Partner\XCodec.dll
MOD - [2008.05.23 16:19:32 | 000,040,960 | ---- | M] () -- C:\Programme\Mobile Partner\DeviceOperate.dll
MOD - [2008.05.23 16:19:28 | 000,147,456 | ---- | M] () -- C:\Programme\Mobile Partner\DetectDev.dll
MOD - [2008.05.23 16:19:22 | 000,524,288 | ---- | M] () -- C:\Programme\Mobile Partner\atcomm.dll
MOD - [2008.03.07 14:55:40 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\ShowIcoOSD.dll
MOD - [2008.01.28 10:46:34 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowDisplaySwitchOSD.dll
MOD - [2007.09.24 12:12:54 | 000,088,576 | ---- | M] () -- C:\Programme\Control Center\AcpiRwDll.dll
MOD - [2007.09.24 12:12:36 | 000,089,088 | ---- | M] () -- C:\Programme\Control Center\ShowProgressOSD.dll
MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Programme\Mobile Partner\isaputrace.dll
MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Programme\Mobile Partner\FileManager.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.03.08 23:57:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.02 15:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.22 16:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.27 21:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.07 14:24:28 | 000,038,560 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Programme\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.05.24 16:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Programme\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{824C147E-A3BC-42A8-8473-947ED58A2120}\MpKslade283cc.sys -- (MpKslade283cc)
DRV - [2013.01.20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.12.13 12:49:38 | 000,454,744 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2012.11.22 16:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012.10.25 14:23:22 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.10.25 14:23:22 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011.09.02 08:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011.09.02 08:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011.06.27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.19 04:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.11.19 04:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.06.07 11:08:54 | 000,230,760 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010.06.07 11:08:54 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010.06.07 11:08:54 | 000,143,080 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010.06.07 11:08:54 | 000,046,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010.06.07 11:08:52 | 000,256,360 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010.06.07 11:08:52 | 000,047,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2010.06.07 11:08:52 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010.06.07 11:08:52 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2008.12.30 11:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.08.27 11:06:00 | 000,010,728 | ---- | M] (TPS Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tpsacpi.sys -- (tpsacpi)
DRV - [2008.06.10 13:37:22 | 000,026,624 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ktp.sys -- (Ktp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 0A B0 F8 78 85 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013.01.14 19:23:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 23:57:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.03 15:09:20 | 000,000,000 | ---D | M]
 
[2011.09.27 15:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Extensions
[2013.03.29 15:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions
[2013.03.14 21:55:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.23 21:43:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.25 12:20:58 | 000,000,000 | ---D | M] (CCC003) -- C:\Users\hmmm\AppData\Roaming\mozilla\Firefox\Profiles\dohj0kke.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2013.03.04 01:19:30 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011.10.01 14:40:33 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012.07.07 15:01:34 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.03.06 22:41:02 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\personas@christopher.beard.xpi
[2013.03.29 15:19:36 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.14 15:59:41 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.17 02:14:31 | 000,001,396 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\checkoutmycardscom.xml
[2011.10.04 15:12:06 | 000,002,261 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\google-suche.xml
[2012.07.24 23:11:49 | 000,001,274 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\nba--aba-basketball-statistics--history--basketball-referenc.xml
[2012.05.18 15:58:13 | 000,001,022 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\ultimate-guitar-tabs-archive--300000-guitar-tabs-bass-tabs-c.xml
[2011.10.01 16:43:03 | 000,001,187 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\wikipedia-the-free-encyclopedia.xml
[2011.10.01 15:30:09 | 000,001,030 | ---- | M] () -- C:\Users\hmmm\AppData\Roaming\mozilla\firefox\profiles\dohj0kke.default\searchplugins\youtube---broadcast-yourself.xml
[2013.03.08 23:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.08 23:57:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.17 02:10:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.17 02:10:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.17 02:10:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.17 02:10:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.17 02:10:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.17 02:10:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AthBtTray] C:\Program Files\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] C:\Program Files\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4 - HKLM..\Run: [Control Center] C:\Programme\Control Center\CCenter.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KTPWare] X:\Program Files\Elantech\ktpCtrl.exe File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3392c1fa-8ad0-11e1-9bf2-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770b98-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell - "" = AutoRun
O33 - MountPoints2\{67770ba8-e935-11e0-9f86-e0b9a5495183}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{88824bce-9556-11e1-b016-e0b9a59a01aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{98decd6f-1e99-11e2-9bd9-00e04c8920f7}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a1155944-906c-11e1-af44-00e04c8920f7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell - "" = AutoRun
O33 - MountPoints2\{b81150fb-ec56-11e0-9407-e0b9a59a01aa}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.03 14:42:59 | 000,000,000 | ---D | C] -- C:\Users\hmmm\AppData\Local\Programs
[2013.04.03 13:34:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe
[2013.04.01 13:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.25 14:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013.03.25 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\hmmm\D-Fend Reloaded
[2013.03.25 14:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2013.03.08 23:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 17:33:35 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.03 17:26:50 | 000,000,043 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.04.03 17:26:17 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.03 17:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.03 17:25:52 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.03 14:43:44 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.03 14:09:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.03 12:48:36 | 000,377,856 | ---- | M] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe
[2013.04.03 12:48:16 | 000,050,477 | ---- | M] () -- C:\Users\hmmm\Desktop\Defogger(1).exe
[2013.04.03 12:45:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hmmm\Desktop\OTL(1).exe
[2013.04.02 12:32:58 | 000,654,852 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.02 12:32:58 | 000,616,694 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.02 12:32:58 | 000,130,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.02 12:32:58 | 000,106,816 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.01 13:13:41 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.30 12:50:11 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.03.26 16:45:50 | 000,103,015 | ---- | M] () -- C:\Users\hmmm\Documents\siemens.pdf
[2013.03.26 16:42:19 | 000,103,392 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.pdf
[2013.03.25 14:04:38 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2013.03.22 20:42:52 | 000,162,125 | ---- | M] () -- C:\Users\hmmm\Documents\wiesenthal.xps
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\hmmm\Documents\*.tmp files -> C:\Users\hmmm\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.03 14:43:44 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.03 13:34:03 | 000,050,477 | ---- | C] () -- C:\Users\hmmm\Desktop\Defogger(1).exe
[2013.04.03 13:34:02 | 000,377,856 | ---- | C] () -- C:\Users\hmmm\Desktop\gmer_2.1.19155.exe
[2013.04.01 13:13:41 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.03.30 12:50:11 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.26 16:42:16 | 000,103,392 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.pdf
[2013.03.25 14:04:38 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\D-Fend Reloaded.lnk
[2013.03.22 20:42:50 | 000,162,125 | ---- | C] () -- C:\Users\hmmm\Documents\wiesenthal.xps
[2013.03.22 20:32:44 | 000,103,015 | ---- | C] () -- C:\Users\hmmm\Documents\siemens.pdf
[2013.02.07 00:27:21 | 000,022,379 | ---- | C] () -- C:\Users\hmmm\AppData\Local\recently-used.xbel
[2012.09.29 13:43:52 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\E71BBE94BF.sys
[2012.09.29 13:14:06 | 000,003,766 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.09.10 16:16:12 | 000,000,000 | ---- | C] () -- C:\Users\hmmm\defogger_reenable
[2012.05.04 12:40:17 | 000,005,120 | ---- | C] () -- C:\Users\hmmm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.22 22:01:32 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.15 10:40:28 | 004,826,112 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012.01.09 23:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.12.07 23:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011.09.28 21:09:45 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2011.04.06 02:19:30 | 000,246,804 | ---- | C] () -- C:\Windows\System32\AtherosBT.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.12 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Audacity
[2012.09.27 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\CheckPoint
[2013.01.20 23:42:21 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FileZilla
[2012.09.03 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Free Download Manager
[2012.05.04 11:36:18 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\FreeFLVConverter
[2012.12.25 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\gtk-2.0
[2011.12.04 01:43:23 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Guitar Pro 6
[2012.03.22 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Leadertech
[2012.09.10 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\OpenOffice.org
[2011.09.28 20:59:43 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Opera
[2013.03.27 16:24:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\SoftGrid Client
[2012.12.15 15:25:29 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\TP
[2012.05.04 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Win7codecs
[2011.12.06 01:13:11 | 000,000,000 | ---D | M] -- C:\Users\hmmm\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >

extras.txt
Code:

OTL Extras logfile created on: 03.04.2013 16:55:16 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\hmmm\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,42 Mb Total Physical Memory | 471,80 Mb Available Physical Memory | 46,56% Memory free
1,99 Gb Paging File | 1,57 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 214,84 Gb Total Space | 144,68 Gb Free Space | 67,34% Space Free | Partition Type: NTFS
Drive D: | 17,75 Gb Total Space | 9,57 Gb Free Space | 53,90% Space Free | Partition Type: NTFS
 
Computer Name: HMMM-KA | User Name: hmmm | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{141F9633-CA8B-475A-BD1C-FBAD28B07F55}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F212C4FD-CE67-4C2F-AEA5-00560AE6A324}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36CD5DF5-84E9-4F7E-9992-ADEA9B18E5F6}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{379DD5CF-C282-4BBD-A9C6-FACDC9000C5B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4C58C2A4-2CA6-4CB6-B172-EA22C3017715}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{555EA909-B6E9-4F22-9C77-F22EBF278A96}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{60E4D7ED-49A9-4AD7-90F8-E64CBBF0F6EF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{8024DF97-E4F2-42D5-9226-3312C03ACC49}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{88A55365-DF3E-4E44-BE35-664F956ADCC9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{96892ED3-3072-4CF6-AB28-BA221022FB53}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{AF85D2DB-16AA-4F6E-A6CB-08C1BEA94147}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E50AA223-0618-4504-87A3-4A4035AE69A6}" = protocol=58 | dir=in | app=system |
"{EC9FD432-0EB8-4D14-BFC6-4D1D5C889BE1}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F83F1E47-A320-40E1-B9B8-3465ED2EB25D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A09AB2EA-4E3B-48A8-A716-CD4FB3529548}" = Control Center
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudioCon" = AudioCon
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"Elantech" = KTP Ware PS/2-x86 5.3.0.4
"ESET Online Scanner" = ESET Online Scanner v3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Download Manager_is1" = Free Download Manager 3.9
"GIMP-2_is1" = GIMP 2.8.2
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.14.1738" = Opera 12.14
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Winamp" = Winamp (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4033972169-725669118-744484689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.6.0.2
"Gnumeric" = Gnumeric Spreadsheet 1.10.16-20110616
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2013 14:14:22 | Computer Name = hmmm-ka | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 20.01.2013 21:39:02 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =
 
Error - 21.01.2013 12:42:08 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =
 
Error - 21.01.2013 15:12:56 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =
 
Error - 21.01.2013 18:10:42 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =
 
Error - 21.01.2013 18:59:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.01.2013 18:59:17 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.01.2013 20:06:03 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 21.01.2013 20:06:07 | Computer Name = hmmm-ka | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.01.2013 17:47:28 | Computer Name = hmmm-ka | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 03.04.2013 09:09:44 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 03.04.2013 09:11:10 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2013 09:11:16 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 03.04.2013 09:11:19 | Computer Name = hmmm-ka | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = DCOM | ID = 10005
Description =
 
Error - 03.04.2013 09:23:56 | Computer Name = hmmm-ka | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.147.889.0    Aktualisierungsquelle: %%859

        Aktualisierungsphase:
 %%852    Quellpfad: Default URL    Signaturtyp: %%800    Aktualisierungstyp: %%803    Benutzer:
 NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:      Vorherige Modulversion: 1.1.9302.0    Fehlercode:
 0x8007043c    Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet
 werden.
 
 
< End of report >

gmer.log
Code:

GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-04-03 14:41:57
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2576GSX rev.GS001A 232,89GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\hmmm\AppData\Local\Temp\pfldipoc.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcConnectPort [0x89122082]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwAlpcCreatePort [0x8912294A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwConnectPort [0x89121AD8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateFile [0x8911B334]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateKey [0x8913D1DA]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreatePort [0x891225E2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcess [0x89136F1C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateProcessEx [0x89137344]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateSection [0x8914196E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateUserProcess [0x891377B8]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwCreateWaitablePort [0x89122740]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteFile [0x8911C070]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteKey [0x8913ECCE]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDeleteValueKey [0x8913E580]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwDuplicateObject [0x89135CFC]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadDriver [0x89115D46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey [0x8913F760]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKey2 [0x8913F99E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwLoadKeyEx [0x8913FE50]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwMapViewOfSection [0x89141D2C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenFile [0x8911BC22]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenProcess [0x89139430]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwOpenThread [0x8913901E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwProtectVirtualMemory [0x8914E340]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRenameKey [0x89140838]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwReplaceKey [0x8914011A]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRequestWaitReplyPort [0x8912167C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwRestoreKey [0x8914129E]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSecureConnectPort [0x89121DA4]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationFile [0x8911C47C]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetInformationObject [0x8914E204]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetSecurityObject [0x89140DC2]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetSystemInformation [0x89115410]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSetValueKey [0x8913DCA0]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwSystemDebugControl [0x89138042]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwTerminateProcess [0x89137D72]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys                                                        ZwUnloadDriver [0x89116198]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                        81C489E9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          81C821C2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                              81C89214 8 Bytes  [82, 20, 12, 89, 4A, 29, 12, ...]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                              81C892A8 4 Bytes  [D8, 1A, 12, 89]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11AF                                                              81C892C4 1 Byte  [34]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11AF                                                              81C892C4 4 Bytes  [34, B3, 11, 89]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11BF                                                              81C892D4 4 Bytes  [DA, D1, 13, 89]
.text          ...                                                                                             

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1864] USER32.dll!GetUpdateRect + CF          75CFA644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ec                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60d098ed                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\485d60f2b4cf                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25        0x4F 0x62 0x65 0x80 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ec (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60d098ed (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\485d60f2b4cf (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0b9a5495183@b8f934934c25            0x4F 0x62 0x65 0x80 ...

---- EOF - GMER 2.1 ----

I scanned with Malwarebytes, which found nothing, and am currently scanning with ESET, which hasn't found anything so far either.

I have a few questions about this:

I looked through the logs and didn't see anything that looks odd to me; to what extent can malware get past these programs?
Is it possible for the link to spread further via my Facebook profile without my system being infected and without me noticing (the latter I do believe is possible)?
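
The SSDT section of the GMER log above lists 37 hooks, every one of them installed by the same driver, vsdatant.sys, and the single user-mode inline hook sits in a Check Point ZoneAlarm component. Many hooks from one security product is the normal picture for a firewall/HIPS; what actually matters when reading such a log is whether any hooking module is one you cannot account for. The Python script below is an added example, not code from the original post or from GMER: it groups GMER's SSDT and user-mode hook lines by the module that installed them and flags modules missing from an allow-list. The allow-list mapping (vsdatant.sys to ZoneAlarm's TrueVector driver, ISWSHEX.dll to ZoneAlarm ForceField) is an assumption made here, and the sample input is constructed, including one made-up driver name (unknown_example.sys) purely to exercise the flagging path.

```python
"""Triage helper for GMER 2.x rootkit-scan output (SSDT and user-mode hooks).

Added example: not part of the original post and not GMER's own code. It
groups every SSDT hook by the driver that installed it and every user-mode
inline hook by the injected DLL, then flags hooking modules that are not on
a small allow-list of known security-product components. The allow-list is
an assumption made for this example, not a vetted reference.
"""
import re
from collections import defaultdict

# Assumed mapping of hooking modules to the product that ships them.
KNOWN_SECURITY_MODULES = {
    "vsdatant.sys": "ZoneAlarm / Check Point TrueVector firewall driver",
    "iswshex.dll": "ZoneAlarm ForceField browser-protection plugin",
}

# Constructed sample in the shape of the GMER log posted in the thread: three
# of the firewall driver's SSDT hooks, one hook by a hypothetical driver
# (unknown_example.sys is made up for this example, not a real detection),
# a kernel code-section line that must be ignored, and the post's one
# user-mode hook.
SAMPLE_LOG = r"""
---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys          ZwCreateFile [0x8911B334]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys          ZwLoadDriver [0x89115D46]
SSDT            \SystemRoot\system32\DRIVERS\vsdatant.sys          ZwTerminateProcess [0x89137D72]
SSDT            \SystemRoot\system32\DRIVERS\unknown_example.sys   ZwQuerySystemInformation [0x8A001000]

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D        81C489E9 1 Byte  [06]

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe[1864] USER32.dll!GetUpdateRect + CF          75CFA644 5 Bytes  JMP 20CC9266 C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# SSDT <module path> <Zw/Nt function> [0x<handler address>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$")
# .text <process>[<pid>] <DLL!export> + <offset> <address> <n> Bytes <patch> <module path>
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<target>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes?\s+(?P<detail>.*?)\s+(?P<module>[A-Za-z]:\\.*\S)\s*$"
)


def _basename(path):
    """Lower-cased file name of a Windows path such as \\SystemRoot\\...\\x.sys or C:\\...\\y.dll."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Extract SSDT hooks and user-mode inline hooks, keyed off GMER's '---- X ----' section headers."""
    section, ssdt, user_hooks = None, [], []
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            section = header.group(1)
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                ssdt.append({"module": m["module"], "func": m["func"], "addr": int(m["addr"], 16)})
        elif section == "User code sections":
            m = USER_HOOK_RE.match(line)
            if m:
                hook = m.groupdict()
                hook["pid"], hook["n"] = int(hook["pid"]), int(hook["n"])
                user_hooks.append(hook)
    return {"ssdt": ssdt, "user_hooks": user_hooks}


def triage(parsed, known=KNOWN_SECURITY_MODULES):
    """Group hooks by the module that installed them; known_as is None when the allow-list has no entry."""
    report = defaultdict(lambda: {"kinds": set(), "count": 0, "targets": [], "known_as": None})
    for h in parsed["ssdt"]:
        entry = report[_basename(h["module"])]
        entry["kinds"].add("SSDT")
        entry["count"] += 1
        entry["targets"].append(h["func"])
    for h in parsed["user_hooks"]:
        entry = report[_basename(h["module"])]
        entry["kinds"].add("inline")
        entry["count"] += 1
        entry["targets"].append(f"{h['proc']}[{h['pid']}] {h['target']}")
    for name, entry in report.items():
        entry["known_as"] = known.get(name)
    return dict(report)


def unexplained_modules(report):
    """Hooking modules the allow-list cannot account for: the lines to investigate first."""
    return sorted(name for name, entry in report.items() if entry["known_as"] is None)


if __name__ == "__main__":
    report = triage(parse_gmer(SAMPLE_LOG))
    for name, entry in sorted(report.items()):
        label = entry["known_as"] or "UNEXPLAINED: identify signer/vendor before trusting this scan"
        print(f"{name}: {entry['count']} hook(s) via {'/'.join(sorted(entry['kinds']))} -> {label}")
    print("Investigate first:", unexplained_modules(report))
```

To run it against a saved gmer.log, read the file and pass its contents to parse_gmer instead of SAMPLE_LOG. "Unexplained" only means the script could not attribute the module; check the file's signer and vendor before treating it as hostile. Note also that the "Running:" line of a GMER log names the randomly named driver GMER itself loads from %TEMP% (pfldipoc.sys in the log above), which is the scanner, not a finding.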

t'john 08.04.2013 19:45

Uninstall ZoneAlarm & Spybot.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<Year-Month-Day>.txt) in the folder it created. Please post it here.

Do not run any other file in this folder without instruction from a helper


then:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it finishes.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

blackened 09.04.2013 15:23

Hello, thanks for the quick reply.

Do ZoneAlarm and Spybot do any good at all? That is, should I reinstall them or leave them off?
If nothing turns up, with what probability/confidence can one say the system is clean?

I ran both scans, here are the results:


mbar-log-2013-04-09 (15-16-59).exe
Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
hmmm :: HMMM-KA [administrator]

09.04.2013 15:16:59
mbar-log-2013-04-09 (15-16-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28333
Time elapsed: 27 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AdwCleaner[S3].txt

AdwCleaner Logfile:
Code:

# AdwCleaner v2.001 - Datei am 04/09/2013 um 16:02:38 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : hmmm - HMMM-KA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\hmmm\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\hmmm\AppData\Local\Temp\Uninstall.exe
Ordner Gelöscht : C:\Users\hmmm\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
Ordner Gelöscht : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\extensions\staged

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550

***** [Internet Browser] *****

-\\ Internet Explorer v9.10.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Profilname : default
Datei : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\hmmm\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1046 octets] - [12/09/2012 19:12:14]
AdwCleaner[R2].txt - [1107 octets] - [12/09/2012 19:18:18]
AdwCleaner[R3].txt - [1168 octets] - [12/09/2012 19:19:00]
AdwCleaner[R4].txt - [1267 octets] - [13/09/2012 13:40:55]
AdwCleaner[R5].txt - [1288 octets] - [13/09/2012 17:07:02]
AdwCleaner[S1].txt - [1607 octets] - [13/09/2012 17:07:45]
AdwCleaner[S2].txt - [3850 octets] - [15/09/2012 14:07:42]
AdwCleaner[S3].txt - [1959 octets] - [09/04/2013 16:02:38]

########## EOF - C:\AdwCleaner[S3].txt - [2019 octets] ##########

--- --- ---

t'john 09.04.2013 15:48

Quote:

Do ZoneAlarm and Spybot do any good at all? That is, should I reinstall them or leave them off?
Leave them uninstalled.

Delete the version of AdwCleaner you have, then:

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it finishes.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

blackened 10.04.2013 11:53

Quote:

Quote from t'john (post 1043690)
Leave them uninstalled.

Are there any good free software firewalls?

Anyway, here is the log from the new scan:

AdwCleaner[S4].txt

AdwCleaner Logfile:
Code:

# AdwCleaner v2.200 - Datei am 10/04/2013 um 12:34:10 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : hmmm - HMMM-KA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\hmmm\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\hmmm\AppData\Roaming\Mozilla\Firefox\Profiles\dohj0kke.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\hmmm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\hmmm\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1046 octets] - [12/09/2012 19:12:14]
AdwCleaner[R2].txt - [1107 octets] - [12/09/2012 19:18:18]
AdwCleaner[R3].txt - [1168 octets] - [12/09/2012 19:19:00]
AdwCleaner[R4].txt - [1267 octets] - [13/09/2012 13:40:55]
AdwCleaner[R5].txt - [1288 octets] - [13/09/2012 17:07:02]
AdwCleaner[S1].txt - [1607 octets] - [13/09/2012 17:07:45]
AdwCleaner[S2].txt - [3850 octets] - [15/09/2012 14:07:42]
AdwCleaner[S3].txt - [2088 octets] - [09/04/2013 16:02:38]
AdwCleaner[S4].txt - [1559 octets] - [10/04/2013 12:34:10]

########## EOF - C:\AdwCleaner[S4].txt - [1619 octets] ##########

--- --- ---

t'john 10.04.2013 12:26

Quote:

Are there any good free software firewalls?
The Windows Firewall is perfectly sufficient.


Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



afterwards:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it in your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




afterwards:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

blackened 17.04.2013 08:55

Sorry for only getting back to you now. I'll post the ESET scan later; in the meantime:

aswMBR.txt

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-16 00:09:14
-----------------------------
00:09:14.296    OS Version: Windows 6.1.7601 Service Pack 1
00:09:14.296    Number of processors: 4 586 0x1C0A
00:09:14.296    ComputerName: HMMM-KA  UserName: hmmm
00:09:16.932    Initialize success
00:16:42.307    AVAST engine defs: 13041501
00:16:47.267    The log file has been saved successfully to "C:\Users\hmmm\Desktop\aswMBR.txt"
00:16:52.499    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:16:52.515    Disk 0 Vendor: TOSHIBA_MK2576GSX GS001A Size: 238475MB BusType: 11
00:16:52.765    Disk 0 MBR read successfully
00:16:52.780    Disk 0 MBR scan
00:16:52.843    Disk 0 Windows 7 default MBR code
00:16:52.874    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          300 MB offset 2048
00:16:52.999    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      220000 MB offset 616448
00:16:53.139    Disk 0 Partition 3 00    27 Hidden NTFS WinRE NTFS        18173 MB offset 451176448
00:16:53.295    Disk 0 scanning sectors +488394752
00:16:53.638    Disk 0 scanning C:\Windows\system32\drivers
00:17:34.963    Service scanning
00:18:15.788    Service MpKsl376fd075 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C42ED37E-CD2B-43B9-8EC5-2EFF136AF350}\MpKsl376fd075.sys **LOCKED** 32
00:19:06.878    Modules scanning
00:19:21.573    Disk 0 trace - called modules:
00:19:21.620    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
00:19:21.636    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847d74c8]
00:19:21.651    3 CLASSPNP.SYS[865d659e] -> nt!IofCallDriver -> [0x84659c10]
00:19:21.667    5 ACPI.sys[862c43d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84664030]
00:19:22.743    AVAST engine scan C:\Windows
00:19:28.235    AVAST engine scan C:\Windows\system32
00:28:21.116    AVAST engine scan C:\Windows\system32\drivers
00:29:04.266    AVAST engine scan C:\Users\hmmm
00:48:08.730    AVAST engine scan C:\ProgramData
00:51:42.529    Scan finished successfully
00:54:37.982    Disk 0 MBR has been saved successfully to "C:\Users\hmmm\Desktop\MBR.dat"
00:54:38.232    The log file has been saved successfully to "C:\Users\hmmm\Desktop\aswMBR.txt"


checkup.txt

Code:

Results of screen317's Security Check version 0.99.61 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 6.0       
Microsoft Security Essentials 
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.70.0.1100 
 JavaFX 2.1.1   
 Java(TM) 6 Update 31 
 Java 7 Update 17 
 Adobe Flash Player        11.4.402.287 
 Adobe Reader 10.1.6 Adobe Reader out of Date! 
 Mozilla Firefox (19.0.2)
 Google Chrome 26.0.1410.43 
 Google Chrome 26.0.1410.64 
 Google Chrome plugins... 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


t'john 19.04.2013 17:51

Log from ESET?

blackened 20.04.2013 19:49

Quote:

Quote from t'john (post 1049665)
Log from ESET?

Sorry again, I'm not at home long enough at the moment; today the scan fitted in:

log.txt

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-12 04:37:16
# local_time=2012-09-12 06:37:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 29518028 99081794 0 0
# compatibility_mode=8192 67108863 100 0 81521 81521 0 0
# compatibility_mode=9217 16777214 75 66 30320509 49411305 0 0
# scanned=95065
# found=2
# cleaned=0
# scan_time=17233
C:\Users\hmmm\Downloads\cnet_powertab_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\hmmm\Downloads\Setup74_FreeFlvConverter.exe        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-13 04:06:14
# local_time=2012-09-13 06:06:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 29617016 99180782 0 0
# compatibility_mode=8192 67108863 100 0 180509 180509 0 0
# compatibility_mode=9217 16777214 75 66 30419497 49510293 0 0
# scanned=21631
# found=0
# cleaned=0
# scan_time=2783
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-15 11:31:11
# local_time=2012-09-15 01:31:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 29774448 99338214 0 0
# compatibility_mode=8192 67108863 100 0 337941 337941 0 0
# compatibility_mode=9217 16777214 75 66 30576929 49667725 0 0
# scanned=149
# found=2
# cleaned=2
# scan_time=1648
C:\Users\hmmm\Downloads\cnet_powertab_zip.exe        a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\hmmm\Downloads\Setup74_FreeFlvConverter.exe        Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-17 09:18:23
# local_time=2012-09-17 11:18:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 29967358 99531124 0 0
# compatibility_mode=8192 67108863 100 0 530851 530851 0 0
# compatibility_mode=9217 16777214 75 4 189877 189877 0 0
# scanned=95443
# found=0
# cleaned=0
# scan_time=16770
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-17 11:22:27
# local_time=2012-12-17 12:22:27 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 37810772 107374538 0 0
# compatibility_mode=9217 16777214 75 4 6972987 6972987 0 0
# scanned=86
# found=0
# cleaned=0
# scan_time=2
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-12-19 11:05:05
# local_time=2012-12-20 12:05:05 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 38025730 107589496 0 0
# compatibility_mode=9217 16777214 75 4 7187945 7187945 0 0
# scanned=112668
# found=3
# cleaned=0
# scan_time=18295
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B        I
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll        Win32/OpenCandy application (unable to clean)        9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B        I
C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe        Win32/OpenCandy application (unable to clean)        88B04B4C0855E13DADE7089E8B83CA7B0DD877EF        I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-12 05:09:43
# local_time=2013-01-12 06:09:43 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 40078008 109641774 0 0
# compatibility_mode=9217 16777214 75 4 9240223 9240223 0 0
# scanned=8
# found=0
# cleaned=0
# scan_time=197
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-22 01:10:40
# local_time=2013-01-22 02:10:40 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 40884465 110448231 0 0
# compatibility_mode=9217 16777214 75 4 636588 636588 0 0
# scanned=9
# found=0
# cleaned=0
# scan_time=0
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-23 04:35:30
# local_time=2013-01-23 05:35:30 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 41026355 110590121 0 0
# compatibility_mode=9217 16777214 75 4 774878 774878 0 0
# scanned=1272
# found=0
# cleaned=0
# scan_time=168
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-23 06:55:24
# local_time=2013-01-23 07:55:24 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 41034749 110598515 0 0
# compatibility_mode=9217 16777214 75 4 783272 783272 0 0
# scanned=1283
# found=0
# cleaned=0
# scan_time=114
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-01-23 07:05:08
# local_time=2013-01-23 08:05:08 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 41035333 110599099 0 0
# compatibility_mode=9217 16777214 75 4 783856 783856 0 0
# scanned=1234
# found=0
# cleaned=0
# scan_time=102
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-01 01:08:38
# local_time=2013-02-01 02:08:38 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 41748343 111312109 0 0
# compatibility_mode=9217 16777214 75 4 1496866 1496866 0 0
# scanned=57966
# found=5
# cleaned=0
# scan_time=13750
C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi        a variant of Win32/Bundled.Toolbar.Ask application        0DAE6AC65D344DBEB5A8DFEFDD7760F855303054        I
C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi        a variant of Win32/Bundled.Toolbar.Ask application        0DAE6AC65D344DBEB5A8DFEFDD7760F855303054        I
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll        Win32/OpenCandy application        9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B        I
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll        Win32/OpenCandy application        9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B        I
C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe        Win32/OpenCandy application        88B04B4C0855E13DADE7089E8B83CA7B0DD877EF        I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13129
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-12 04:26:16
# local_time=2013-02-12 05:26:16 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 42710601 112274367 0 0
# compatibility_mode=9217 16777214 75 4 2462724 2462724 0 0
# scanned=7
# found=0
# cleaned=0
# scan_time=134
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13203
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-21 08:06:14
# local_time=2013-02-21 09:06:14 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 43501399 113065165 0 0
# compatibility_mode=9217 16777214 75 4 3253522 3253522 0 0
# scanned=1216
# found=0
# cleaned=0
# scan_time=205
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13303
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-05 06:57:57
# local_time=2013-03-05 07:57:57 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44577302 114141068 0 0
# compatibility_mode=9217 16777214 75 4 4329425 4329425 0 0
# scanned=53
# found=0
# cleaned=0
# scan_time=1
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13315
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-06 07:56:15
# local_time=2013-03-06 08:56:15 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44667200 114230966 0 0
# compatibility_mode=9217 16777214 75 4 4419323 4419323 0 0
# scanned=1
# found=0
# cleaned=0
# scan_time=169
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13317
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-06 08:40:21
# local_time=2013-03-06 09:40:21 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 44669846 114233612 0 0
# compatibility_mode=9217 16777214 75 4 4418369 4418369 0 0
# scanned=554
# found=1
# cleaned=1
# scan_time=1978
sh=88B04B4C0855E13DADE7089E8B83CA7B0DD877EF ft=1 fh=3a4873b03617e0f0 vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13477
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-25 10:55:39
# local_time=2013-03-25 11:55:39 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 46276364 115840130 0 0
# compatibility_mode=9217 16777214 75 4 6024887 6024887 0 0
# scanned=570
# found=0
# cleaned=0
# scan_time=2061
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13537
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-03 11:00:54
# local_time=2013-04-03 01:00:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 47054279 116618045 0 0
# compatibility_mode=9217 16777214 75 4 6806402 6806402 0 0
# scanned=32879
# found=0
# cleaned=0
# scan_time=4916
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13635
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-17 09:36:06
# local_time=2013-04-17 11:36:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 48258792 117822558 0 0
# compatibility_mode=8217 16776701 100 100 1176871 116204317 0 0
# scanned=31608
# found=0
# cleaned=0
# scan_time=3713
# nod_component=V3 Build:0x30000000
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=193725aae21cdf45989578a008b7fd6f
# engine=13659
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-20 05:54:25
# local_time=2013-04-20 07:54:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 48547890 118111656 0 0
# compatibility_mode=8217 16776701 100 100 1465969 116493415 0 0
# scanned=128575
# found=5
# cleaned=0
# scan_time=16961
# nod_component=V3 Build:0x30000000
sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi"
sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi"
sh=9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B ft=1 fh=860943ecef569b88 vn="Win32/OpenCandy application" ac=I fn="C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll"
sh=9A80E0C2DDA638EBBF4A87D62A8A418C5786D27B ft=1 fh=860943ecef569b88 vn="Win32/OpenCandy application" ac=I fn="C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll"
sh=0DAE6AC65D344DBEB5A8DFEFDD7760F855303054 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\Installer\1d604d.msi"


t'john 21.04.2013 18:26

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
:Files
C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe
C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi
C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll

  • If you obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now paste its contents here in your thread




Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 21).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure as described here: http://www.trojaner-board.de/105213-...tellungen.html

Then post (copy and paste) what you get shown here: http://tools.trojaner-board.de/plugincheck.html



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Then post (copy and paste) what you get shown here: http://tools.trojaner-board.de/plugincheck.html
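As an added example (not code from this thread, from ESET or from OTL), here is a small Python parser for the ESET Online Scanner log.txt records pasted above. It reads both record layouts that appear in the thread (the older tab-separated detection lines and the newer `sh=... vn="..." ac=... fn="..."` lines), warns about scans that were stopped before finishing or whose `found`/`cleaned` counters show findings left in place, and turns the paths that no scan reports as cleaned into the `:OTL` / `:Files` block that the helper assembled by hand in the post above. The sample log embedded in the script is constructed from a few of the thread's records; the meaning of the action column (`I` = reported and left in place, `C` = cleaned) is an assumption read off the log text itself, not documented ESET semantics.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample (not a file from the thread): a shortened ESET log.txt with one
# record in the older tab-separated layout and one in the newer "sh=..." layout.
SAMPLE_LOG = (
    "# version=8\n# end=stopped\n# remove_checked=false\n"
    "# utc_time=2013-02-01 01:08:38\n# scanned=57966\n# found=2\n# cleaned=0\n"
    "C:\\ProgramData\\Win7codecs\\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\\Win7codecs.msi\t"
    "a variant of Win32/Bundled.Toolbar.Ask application\t"
    "0DAE6AC65D344DBEB5A8DFEFDD7760F855303054\tI\n"
    "C:\\Users\\hmmm\\Downloads\\winamp563_full_emusic-7plus_en-us.exe\t"
    "Win32/OpenCandy application\t88B04B4C0855E13DADE7089E8B83CA7B0DD877EF\tI\n"
    "ESETSmartInstaller@High as downloader log:\nall ok\n"
    "# version=8\n# end=finished\n# remove_checked=true\n"
    "# utc_time=2013-03-06 08:40:21\n# scanned=554\n# found=1\n# cleaned=1\n"
    'sh=88B04B4C0855E13DADE7089E8B83CA7B0DD877EF ft=1 fh=3a4873b03617e0f0 '
    'vn="Win32/OpenCandy application (cleaned by deleting - quarantined)" ac=C '
    'fn="C:\\Users\\hmmm\\Downloads\\winamp563_full_emusic-7plus_en-us.exe"\n'
)

@dataclass
class Detection:
    path: str
    threat: str
    sha1: str
    action: str  # assumed from the logs: "I" = reported, left in place; "C" = cleaned

@dataclass
class Scan:
    header: Dict[str, str] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

HEADER_LINE = re.compile(r"^# ([\w.]+)=(.*)$")
NEW_STYLE = re.compile(
    r'^sh=([0-9A-Fa-f]{40}) ft=\d+ fh=[0-9A-Fa-f]+ vn="([^"]*)" ac=(\w) fn="([^"]*)"$'
)

def parse_eset_log(text: str) -> List[Scan]:
    """Split an ESET Online Scanner log.txt into scan records with their detections."""
    scans: List[Scan] = []
    current: Optional[Scan] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = HEADER_LINE.match(line)
        if m:
            key, value = m.groups()
            # "# version=" opens a record; a truncated log may begin without one
            if key == "version" or current is None:
                current = Scan()
                scans.append(current)
            current.header[key] = value
            continue
        if current is None:
            continue
        m = NEW_STYLE.match(line)
        if m:
            sha1, threat, action, path = m.groups()
            current.detections.append(Detection(path, threat, sha1.upper(), action))
            continue
        cols = re.split(r"\t| {2,}", line)  # older layout: path, name, sha1, action
        if len(cols) == 4 and re.fullmatch(r"[0-9A-Fa-f]{40}", cols[2]):
            path, threat, sha1, action = cols
            current.detections.append(Detection(path, threat, sha1.upper(), action))
        # other lines ("ESETSmartInstaller@High ...", "all ok") carry no findings
    return scans

def check_scan(scan: Scan) -> List[str]:
    """Warnings to read before trusting a record's found/cleaned counters."""
    h, out = scan.header, []
    when, found, cleaned = h.get("utc_time", "?"), int(h.get("found", 0)), int(h.get("cleaned", 0))
    if h.get("end") != "finished":
        out.append(f"{when}: scan did not finish (end={h.get('end')}), results are partial")
    if found != len(scan.detections):
        out.append(f"{when}: header says found={found} but {len(scan.detections)} detection lines parsed")
    if found and cleaned < found:
        out.append(f"{when}: {found - cleaned} of {found} findings left in place (remove_checked={h.get('remove_checked')})")
    return out

def outstanding_paths(scans: List[Scan]) -> List[str]:
    """Paths reported by any scan that no scan reports as cleaned, first-seen order."""
    cleaned = {d.path.lower() for s in scans for d in s.detections if d.action == "C"}
    seen, result = set(), []
    for d in (d for s in scans for d in s.detections):
        if d.path.lower() not in cleaned and d.path.lower() not in seen:
            seen.add(d.path.lower())
            result.append(d.path)
    return result

def otl_files_fix(scans: List[Scan]) -> str:
    """Render the outstanding paths as the ':OTL' / ':Files' script OTL's Fix button takes."""
    return "\n".join([":OTL", ":Files", *outstanding_paths(scans)]) + "\n"

if __name__ == "__main__":
    scans = parse_eset_log(SAMPLE_LOG)
    for warning in (w for s in scans for w in check_scan(s)):
        print("WARN", warning)
    print(otl_files_fix(scans), end="")
```

Run against the full log above, the same checks would flag the scans with `end=stopped` as incomplete and the `remove_checked=false` scans as having reported the OpenCandy DLLs and the Win7codecs MSI without touching them, which is why the same files reappear in scan after scan until OTL moved them.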

blackened 23.04.2013 09:48

Code:

========== OTL ==========
========== FILES ==========
File\Folder C:\Users\hmmm\Downloads\winamp563_full_emusic-7plus_en-us.exe not found.
C:\ProgramData\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi moved successfully.
File\Folder C:\Users\All Users\Win7codecs\{8CC51024-90C9-43F8-A1AE-DB87858FD4D0}\Win7codecs.msi not found.
C:\Users\hmmm\AppData\Local\Temp\nsf4A6D.tmp\OCSetupHlp.dll moved successfully.
C:\Users\hmmm\AppData\Local\Temp\nswB8D8.tmp\OCSetupHlp.dll moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 04222013_220613

Yesterday, while downloading Adobe, the MSN password reset page opened in Firefox; I am not sure whether I maybe misclicked (I had visited that page a few days earlier) or whether it opened out of nowhere.

t'john 23.04.2013 11:50

Plugincheck?

blackened 24.04.2013 02:45

Quote:

Quote from t'john (post 1051347)
Plugincheck?

Sorry, I overlooked that.

Firefox:



Firefox 20.0 is up to date

Flash 11,4,402,287 is outdated!
Please update to the latest version! (updating it right now)

Java is not installed or not enabled.

Adobe Reader 11,0,2,0 is up to date.



Opera:

Opera 12.15 is up to date
Please enable JavaScript to check your Flash version.

In Opera I can't get it to display any other way.

t'john 24.04.2013 13:39

Very good!

That means you are clean and discharged! :)

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup
The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, download DelFix Download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left, you can delete them without concern.




Resetting the security zones

Have the security zones reset, since they were manipulated to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing System Restore

So that the computer cannot be re-infected from an infected System Restore point, we need to clear it. To do that we turn it off once and then on again:
Disable System Restore tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC is getting slower and slower - what to do?

blackened 24.04.2013 20:48

Many thanks for all the help; at the beginning of the month I'll send you a little something.

t'john 26.04.2013 11:34

:)

We wish you a virus-free time ;)



Copyright ©2000-2025, Trojaner-Board

