| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner TR.Weelsof.C/41 gefunden!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.07.2012, 17:38
| #1 |
 |  Trojaner TR.Weelsof.C/41 gefunden! Liebe Helfer, auf dem Laptop meines Schwiegervaters hat sich gestern AVIRA Premium gemeldet, dass es einen Trojaner gefunden hat (er hat sich den Namen leider nicht aufgeschrieben, es war in etwa TR/WEELSOF.C.41). Außerdem kam einmal ein Bildschirm mit einer Aufforderung der "Bundespolizei", einen Voucher an einer Tankstelle zu kaufen (Mein Schwiegervater hat den Bildschirm nicht fotografiert oder abgeschrieben...). Jetzt hat er mir den Rechner geschickt. Ich habe einmal die Desinfec't aus der C't darüberlaufen lassen. Da hat Bitdefender einen "Generic Trojaner" gefunden und ClamAV wieder etwas anderes. Avira ist seitdem still, aber der Rechner steht permanent unter hoher Last. Malwarebytes hat in einem QuickSCan nichts gefunden. Ich denke, dass es das noch nicht war und bitte Euch um Hilfe. Ach ja: eine Sperrung oder Verschlüsselung der Daten kann ich im Moment nicht erkennen. Danke schonmal & beste Grüße Frank OTL liefert folgendes: OTL.Txt: Code:
ATTFilter OTL logfile created on: 25.07.2012 19:16:11 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Rolf\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,96 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 61,57% Memory free 6,14 Gb Paging File | 4,87 Gb Available in Paging File | 79,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 133,94 Gb Total Space | 87,31 Gb Free Space | 65,19% Space Free | Partition Type: NTFS Drive D: | 15,00 Gb Total Space | 9,52 Gb Free Space | 63,44% Space Free | Partition Type: NTFS Drive E: | 1,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ROLF-PC | User Name: Rolf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 19:12:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe PRC - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe PRC - [2012.05.15 17:44:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.15 17:44:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.15 17:44:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.15 17:44:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.15 17:44:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.15 17:44:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2009.06.29 13:44:38 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.06.29 13:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe PRC - [2009.06.19 15:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2009.04.27 09:05:48 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2009.04.27 09:05:30 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2009.04.27 09:05:28 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe PRC - [2008.07.31 13:58:38 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.07.01 09:56:10 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.05.14 10:01:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 09:28:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 09:27:53 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2008.11.17 08:29:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.25 11:09:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.18 18:44:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.15 17:44:10 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.15 17:44:10 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.15 17:44:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.15 17:44:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2009.06.29 13:44:38 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\stacsv.exe -- (STacSV) SRV - [2009.03.02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_559ad4ac\AEstSrv.exe -- (AESTFilters) SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.05.15 17:44:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.15 17:44:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2011.10.31 17:28:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.10.31 17:28:35 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.29 14:46:24 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2009.06.29 13:44:38 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.06.25 17:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.06.25 17:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.06.25 17:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.06.07 01:36:40 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2009.03.08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2009.03.06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2008.12.30 21:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2008.11.21 13:15:30 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.11.17 08:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.08.25 12:35:24 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2008.01.21 04:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKLM\..\SearchScopes,DefaultScope = {746099DE-2F19-4DF8-AF7D-D5FBFF203C3A} IE - HKLM\..\SearchScopes\{746099DE-2F19-4DF8-AF7D-D5FBFF203C3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {746099DE-2F19-4DF8-AF7D-D5FBFF203C3A} IE - HKCU\..\SearchScopes\{746099DE-2F19-4DF8-AF7D-D5FBFF203C3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7 FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.25 11:09:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.25 11:12:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.25 11:07:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.25 11:09:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.25 11:12:00 | 000,000,000 | ---D | M] [2010.10.10 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Extensions [2010.10.10 10:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.25 18:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\n48gf8sf.default\extensions [2010.04.28 18:25:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rolf\AppData\Roaming\mozilla\Firefox\Profiles\n48gf8sf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.07.25 11:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.25 11:12:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2011.11.12 19:17:52 | 000,236,088 | ---- | M] () (No name found) -- C:\USERS\ROLF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N48GF8SF.DEFAULT\EXTENSIONS\OPTIMIZEGOOGLE@OPTIMIZEGOOGLE.COM.XPI [2012.07.25 11:09:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.17 09:29:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.17 09:29:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.17 09:29:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.17 09:29:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.17 09:29:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.17 09:29:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Rolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [hqmpzsagdpkoazw] C:\ProgramData\hqmpzsag.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1707CD30-6F34-4A9B-97A8-F7B8B713605B}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9CEAA4-C8FE-4F14-A6D5-EC8B2DFAA4D2}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.25 19:12:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe [2012.07.25 18:14:38 | 000,000,000 | ---D | C] -- C:\Users\Rolf\AppData\Roaming\Malwarebytes [2012.07.25 18:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.25 18:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.25 18:14:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.25 18:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.25 18:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.25 18:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.25 18:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.25 18:11:12 | 000,000,000 | ---D | C] -- C:\Users\Rolf\AppData\Local\Google [2012.07.25 18:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.07.20 10:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\cdgxhjikdodnhvv [2012.06.30 18:25:09 | 000,000,000 | ---D | C] -- C:\Users\Rolf\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.25 19:18:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 19:18:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 19:13:04 | 000,294,216 | ---- | M] () -- C:\Users\Rolf\Desktop\gmer.zip [2012.07.25 19:12:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rolf\Desktop\OTL.exe [2012.07.25 19:12:11 | 000,050,477 | ---- | M] () -- C:\Users\Rolf\Desktop\Defogger.exe [2012.07.25 19:11:58 | 000,000,000 | ---- | M] () -- C:\Users\Rolf\defogger_reenable [2012.07.25 18:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.25 18:34:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.25 18:34:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.25 18:14:24 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.25 18:12:53 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 18:12:47 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.25 18:01:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.25 18:01:31 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 11:07:22 | 000,000,901 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.07.20 10:13:54 | 000,000,051 | ---- | M] () -- C:\ProgramData\fvcoaogpvbiocwd [2012.07.13 15:19:51 | 000,336,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 09:55:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.01 09:55:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.01 09:55:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.01 09:55:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.07.25 19:13:07 | 000,294,216 | ---- | C] () -- C:\Users\Rolf\Desktop\gmer.zip [2012.07.25 19:12:25 | 000,050,477 | ---- | C] () -- C:\Users\Rolf\Desktop\Defogger.exe [2012.07.25 19:11:58 | 000,000,000 | ---- | C] () -- C:\Users\Rolf\defogger_reenable [2012.07.25 18:14:24 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.25 18:12:53 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 18:12:47 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.25 18:11:24 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.25 18:11:23 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.25 11:07:22 | 000,000,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.07.25 11:07:22 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.07.20 10:13:49 | 000,000,051 | ---- | C] () -- C:\ProgramData\fvcoaogpvbiocwd [2012.03.22 19:05:02 | 000,149,423 | ---- | C] () -- C:\Users\Rolf\2012_03rechnung_4755604649.pdf [2012.03.06 18:43:56 | 000,049,333 | ---- | C] () -- C:\Users\Rolf\2.pdf [2012.03.06 18:43:56 | 000,024,257 | ---- | C] () -- C:\Users\Rolf\2a.pdf [2012.03.06 18:43:55 | 000,028,969 | ---- | C] () -- C:\Users\Rolf\1a .pdf [2012.03.06 18:43:54 | 000,029,941 | ---- | C] () -- C:\Users\Rolf\1.pdf [2012.03.06 18:43:53 | 000,060,891 | ---- | C] () -- C:\Users\Rolf\00 Lehrküche Vorlage Danke.pdf [2012.03.06 18:43:53 | 000,030,115 | ---- | C] () -- C:\Users\Rolf\0 Kochshow.pdf [2012.03.06 18:43:51 | 000,728,064 | ---- | C] () -- C:\Users\Rolf\Neuzeit.pps [2012.03.06 18:43:50 | 001,110,485 | ---- | C] () -- C:\Users\Rolf\M Gesund bleiben.pdf [2012.03.06 18:43:49 | 001,610,240 | ---- | C] () -- C:\Users\Rolf\Gottes Apotheke.pps [2012.03.06 18:43:47 | 000,173,025 | ---- | C] () -- C:\Users\Rolf\8 Vanillekipferl aus Dinkel.pdf [2012.03.06 18:43:45 | 000,043,551 | ---- | C] () -- C:\Users\Rolf\6a.pdf [2012.03.06 18:43:45 | 000,038,758 | ---- | C] () -- C:\Users\Rolf\6.pdf [2012.03.06 18:43:44 | 000,024,133 | ---- | C] () -- C:\Users\Rolf\5a.pdf [2012.03.06 18:43:42 | 000,039,055 | ---- | C] () -- C:\Users\Rolf\5.pdf [2012.03.06 18:43:41 | 000,037,460 | ---- | C] () -- C:\Users\Rolf\4a .pdf [2012.03.06 18:43:40 | 000,024,130 | ---- | C] () -- C:\Users\Rolf\4 .pdf [2012.03.06 18:43:39 | 000,046,550 | ---- | C] () -- C:\Users\Rolf\3a.pdf [2012.03.06 18:43:39 | 000,029,271 | ---- | C] () -- C:\Users\Rolf\3.pdf [2011.02.11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.12.28 19:57:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll [2010.12.28 19:57:40 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2010.12.28 19:57:37 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2010.07.28 21:01:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.07.28 21:01:12 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.07.28 21:01:10 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.07.28 20:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2009.07.14 16:42:06 | 000,008,704 | ---- | C] () -- C:\Users\Rolf\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.10 17:20:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.07.08 20:28:30 | 000,000,171 | ---- | C] () -- C:\Users\Rolf\AppData\Local\RAExpertHistory.xml [2009.07.08 20:28:21 | 000,000,171 | ---- | C] () -- C:\Users\Rolf\AppData\Local\rahistory.xml ========== LOP Check ========== [2012.04.07 20:50:17 | 000,000,000 | ---D | M] -- C:\Users\Rolf\AppData\Roaming\LibreOffice [2009.11.03 13:06:34 | 000,000,000 | ---D | M] -- C:\Users\Rolf\AppData\Roaming\OpenOffice.org [2010.10.10 10:57:39 | 000,000,000 | ---D | M] -- C:\Users\Rolf\AppData\Roaming\Thunderbird [2012.07.23 19:11:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.07.2012 19:16:12 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Rolf\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,96 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 61,57% Memory free
6,14 Gb Paging File | 4,87 Gb Available in Paging File | 79,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133,94 Gb Total Space | 87,31 Gb Free Space | 65,19% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 9,52 Gb Free Space | 63,44% Space Free | Partition Type: NTFS
Drive E: | 1,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: ROLF-PC | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-960939398-794792229-4207893192-1000]
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056105DB-7FDF-4E0D-94E1-3FAF7805DA28}" = lport=139 | protocol=6 | dir=in | app=system |
"{3CF03B63-FEC9-4EC4-ADEC-1F035A938360}" = rport=138 | protocol=17 | dir=out | app=system |
"{45AA1355-F309-42BA-99E8-40625B249C61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{52C43C50-D332-4F93-9457-310A8BC2A196}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6563947C-E081-4D84-8493-6513118692D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{704E3F50-6FF1-463B-AA0B-2C6576427547}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7FE55A98-70AC-4F19-B960-6C1C0477157B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2AE5C31-87B2-4973-A122-CAEEFB8D1D02}" = lport=445 | protocol=6 | dir=in | app=system |
"{D513E4C1-E850-4142-A6FB-9212C8019DC8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9675892-CD29-44A9-A4AA-7CE38B40EA14}" = rport=445 | protocol=6 | dir=out | app=system |
"{D97C594D-BE57-4821-B7BD-EDECC080821B}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFA91C57-1CDB-43D5-A5EF-01E545866A4F}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E76C506-A7D0-4882-BF92-DBC5470CB64F}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{3FFB8B87-194B-4F9A-AB55-78214296F933}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{55CC4AE0-AD18-4CD3-A9F2-E3F9BC05C961}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BCE642C-4665-430B-A3E4-521FF0F742AA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{816F140F-91D4-4976-906A-1E1902655F7C}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{886CA06A-BA66-4924-9C24-C3A6DCCBA9F0}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{915729CB-D91F-4969-AF9B-725F39F5D251}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99939FAC-FDE4-4CC5-ADAD-CA86803F1FA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AF6B338A-4665-42C1-A596-58FEEEC2E8CF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{C07A626A-00E1-4562-AA09-78688E8ADACC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C462505F-307F-492D-A9D8-CA3D404C08A5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9CB9D5F-A5CE-4D76-A12E-69E5753C920B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{E5A2EF25-DB5B-4C77-ADAF-928EDBF51BF0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{FF2E881A-B499-43C7-A0DF-85FCCF99AEEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.17b
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.07.2012 04:55:31 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.07.2012 05:05:15 | Computer Name = Rolf-PC | Source = EventSystem | ID = 4621
Description =
Error - 09.07.2012 09:13:55 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.07.2012 10:20:17 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.07.2012 03:13:10 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.07.2012 03:39:36 | Computer Name = Rolf-PC | Source = EventSystem | ID = 4621
Description =
Error - 10.07.2012 11:52:33 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 10.07.2012 12:54:19 | Computer Name = Rolf-PC | Source = EventSystem | ID = 4622
Description =
Error - 11.07.2012 09:43:31 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
Error - 13.07.2012 09:00:35 | Computer Name = Rolf-PC | Source = WinMgmt | ID = 10
Description =
[ Broadcom Wireless LAN Events ]
Error - 21.07.2012 03:07:56 | Computer Name = Rolf-PC | Source = WLAN-Tray | ID = 0
Description = 09:07:56, Sat, Jul 21, 12 Error - Unable to get current user admin
status
Error - 21.07.2012 03:11:15 | Computer Name = Rolf-PC | Source = WLAN-Tray | ID = 0
Description = 09:11:15, Sat, Jul 21, 12 Error - Unable to get current user admin
status
Error - 21.07.2012 03:13:03 | Computer Name = Rolf-PC | Source = WLAN-Tray | ID = 0
Description = 09:13:03, Sat, Jul 21, 12 Error - Unable to get current user admin
status
[ System Events ]
Error - 25.07.2012 12:56:19 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 12:58:35 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 12:59:33 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:01:25 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:03:22 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:04:35 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:08:04 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:10:06 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:12:52 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 25.07.2012 13:21:08 | Computer Name = Rolf-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
< End of report >
 ...aber nach dem x-ten Mal hat es dann doch geklappt. Hier die Gmer-log: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-25 20:31:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160827AS rev.3.ADB
Running: gmer.exe; Driver: C:\Users\Rolf\AppData\Local\Temp\pxldrpob.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\RACF27A.tmp 0 bytes
---- EOF - GMER 1.0.15 ----
|
| Themen zu Trojaner TR.Weelsof.C/41 gefunden! |
| aufforderung, avira, beste, bildschirm, bingbar, bitdefender, clamav, defender, gefunde, gemeldet, generic, gestern, helfer, hoher, install.exe, kaufen, laptop, liebe, malwarebytes, namen, nichts, permanent, plug-in, rechner, rojaner gefunden, schonmal, searchscopes, secunia psi, seitdem, troja, trojaner |
Baum-Darstellung