| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System Repair auf Vista erfolgreich eliminieren - brauche Hilfe, bitte!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.02.2013, 12:26
| #1 |
 |  System Repair auf Vista erfolgreich eliminieren - brauche Hilfe, bitte! Hallo zusammen, gestern abend hat mich System Repair erwischt. Relativ schnell bin ich auf dieses Forum gestoßen und habe die ersten Schritte der Anleitungen befolgt. Ich habe: rKill runtergeladen, ausgeführt -> Malwarebytes Anti-Malware losgelassen - 6 Dateien gefunden und eliminiert -> TDSSKiller laufen lassen nach Anleitung hier im Forum - 1 Fund - gelöscht -> zwischendurch nach allem, was ich gemacht habe, neu gestarte und zum Schluss Unhide.exe laufen lassen - und alle Dateien wieder sichtbar gemacht. Nun könnte man meinen es gäbe kein Problem mehr. Ich bekomme keine Fehlermeldungen mehr und mein System rennt stabil. Dennoch habe ich auf dem Desktop eine System-Repair Verknüpfung die sich nicht löschen lässt, mein Firefox bleibt verschwunden und sicher, das nun alles weg ist, bin ich auch nicht. Deshalb habe ich mir OTH runtergeladen. Gehe ich hier nach Anweisung vor, habe ich bei dem Punkt "Kill all processes" einen Bluescreen, der Rechner startet neu. Irgendwann hab ich dann beschlossen Eure Schritte mal durchzugehen, habe mir also defogger, OTL und GMER runtergeladen, laufen lassen - und habe hier die Logfiles. Ich bin etwas überfragt. Normalerweise wäre ich beruhigt, weil es funktioniert ja alles wieder, aber dieses blöde Ding auf´m Desktop macht mich nervös. Vielen Dank schonmal für Eure Hilfe! Sarah Code:
ATTFilter OTL logfile created on: 13.02.2013 10:06:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,39% Memory free 4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 25,99 Gb Free Space | 26,62% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 97,45 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Drive E: | 102,72 Gb Total Space | 69,41 Gb Free Space | 67,57% Space Free | Partition Type: NTFS Drive K: | 998,09 Mb Total Space | 618,06 Mb Free Space | 61,92% Space Free | Partition Type: FAT Computer Name: ZICKCHEN | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\fb3e807ec2b98abd1a057ef3694499eb\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\cdf08673f862b7fd1177df48dfa0bd75\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\7b10f766948b52ef6d261b1a1aa8ee0a\Kies.Plugin.ContentsManagerLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\65f0d5e5052a4a71f5a72d778fa2cbb6\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\eef62cf0c04e638b3395fda4d258c81c\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$JTLWAWI) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ebay.de/ IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 F0 30 61 E0 C1 CA 01 [binary data] IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "Bild.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2013.02.06 10:00:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013.02.06 10:00:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2013.02.06 10:00:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013.02.06 10:00:45 | 000,000,000 | ---D | M] [2010.08.30 18:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2010.01.24 19:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.31 22:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions [2010.12.21 17:06:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.03 14:35:28 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions\2020Player_IKEA@2020Technologies.com [2013.01.31 22:34:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.03.09 21:33:58 | 000,003,915 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\searchplugins\sweetim.xml [2010.12.20 07:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.19 06:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 17:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [URdEIoPdlrOf.exe] C:\ProgramData\URdEIoPdlrOf.exe File not found O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D3DB48-F294-4F5B-8A6B-15AC0C7F0BA1}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\ICM_ML.exe O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = L:\AutoRun.exe O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Viewsonic.exe O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell - "" = AutoRun O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.13 09:56:33 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTH.scr [2013.02.13 08:55:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.02.12 23:52:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2013.02.12 22:59:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes [2013.02.12 22:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.12 22:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.12 22:58:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.12 22:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.06 10:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7 [2013.02.04 16:30:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\JTL-Software-GmbH [2013.02.04 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\JTL-Software [2013.02.04 11:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005 [2013.02.04 11:21:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.02.04 11:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2013.02.04 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\JTL-Wawi-Full [2013.02.04 08:22:19 | 148,442,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah\Desktop\SQLEXPR_x86_DEU.exe [2013.02.04 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Download Manager [2013.02.04 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\jtl-software [2013.01.30 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.01.22 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PDAppFlex [2013.01.22 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.01.22 17:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Adobe [2013.01.22 17:06:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.01.22 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant [2013.01.14 20:32:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.13 10:07:27 | 000,728,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.13 10:07:27 | 000,679,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.13 10:07:27 | 000,168,282 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.13 10:07:27 | 000,136,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.13 10:02:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.02.13 10:01:13 | 000,005,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 10:01:12 | 000,005,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.13 10:01:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.13 10:01:00 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2013.02.13 10:00:58 | 183,382,366 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.13 09:56:38 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTH.scr [2013.02.13 09:50:45 | 000,000,042 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mbam.context.scan [2013.02.13 09:48:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.13 08:44:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2013.02.13 08:44:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2013.02.12 23:52:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2013.02.12 23:37:21 | 000,387,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.12 22:59:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.12 22:13:26 | 000,000,168 | ---- | M] () -- C:\ProgramData\URdEIoPdlrOf [2013.02.12 22:12:52 | 000,001,449 | ---- | M] () -- C:\Users\Sarah\Desktop\System Repair.lnk [2013.02.12 22:08:36 | 000,000,160 | ---- | M] () -- C:\ProgramData\-URdEIoPdlrOfr [2013.02.12 22:08:36 | 000,000,152 | ---- | M] () -- C:\ProgramData\-URdEIoPdlrOf [2013.02.07 10:03:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce0511f88db7a0.job [2013.02.05 09:41:50 | 000,011,341 | ---- | M] () -- C:\Users\Sarah\Desktop\SalesHistory.csv [2013.02.04 16:23:34 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\JTL-wawi.lnk [2013.02.04 11:17:16 | 104,470,167 | ---- | M] () -- C:\Users\Sarah\Desktop\JTL-Wawi-Full.zip [2013.02.04 08:27:53 | 148,442,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Desktop\SQLEXPR_x86_DEU.exe [2013.02.04 08:03:55 | 075,313,709 | ---- | M] ( ) -- C:\Users\Sarah\Desktop\setup-jtl-wawi_099875_130201.exe [2013.01.26 22:42:31 | 000,102,204 | ---- | M] () -- C:\Users\Sarah\Desktop\tumblr_mdyhr2dZyP1r3uvcho1_500_large.jpg [2013.01.26 11:41:55 | 000,036,864 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.22 22:14:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Zickchen-Sarah.job [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 09:50:45 | 000,000,042 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\mbam.context.scan [2013.02.13 09:36:32 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013.02.13 09:36:32 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\JTL-wawi.lnk [2013.02.12 23:37:07 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys [2013.02.12 22:59:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.12 22:01:32 | 000,001,449 | ---- | C] () -- C:\Users\Sarah\Desktop\System Repair.lnk [2013.02.12 21:50:19 | 000,000,160 | ---- | C] () -- C:\ProgramData\-URdEIoPdlrOfr [2013.02.12 21:50:19 | 000,000,152 | ---- | C] () -- C:\ProgramData\-URdEIoPdlrOf [2013.02.12 21:50:18 | 000,000,168 | ---- | C] () -- C:\ProgramData\URdEIoPdlrOf [2013.02.07 10:03:18 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce0511f88db7a0.job [2013.02.05 09:41:49 | 000,011,341 | ---- | C] () -- C:\Users\Sarah\Desktop\SalesHistory.csv [2013.02.04 16:23:34 | 000,000,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi-ameise.lnk [2013.02.04 16:23:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi WORKER.lnk [2013.02.04 16:23:34 | 000,000,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi.lnk [2013.02.04 11:14:03 | 104,470,167 | ---- | C] () -- C:\Users\Sarah\Desktop\JTL-Wawi-Full.zip [2013.02.04 08:01:35 | 075,313,709 | ---- | C] ( ) -- C:\Users\Sarah\Desktop\setup-jtl-wawi_099875_130201.exe [2013.01.26 22:42:30 | 000,102,204 | ---- | C] () -- C:\Users\Sarah\Desktop\tumblr_mdyhr2dZyP1r3uvcho1_500_large.jpg [2013.01.22 22:14:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Zickchen-Sarah.job [2013.01.22 17:24:24 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2013.01.22 17:22:47 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2013.01.22 17:22:43 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2013.01.22 17:22:24 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.01.22 17:21:52 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2013.01.22 17:06:06 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2012.12.10 21:20:11 | 026,162,543 | ---- | C] () -- C:\ProgramData\roma1.exe [2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.06.02 22:27:14 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2012.06.02 22:26:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll [2011.09.07 21:30:25 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011.06.18 20:29:31 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.06.18 20:29:31 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.06.18 20:29:31 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.04.27 06:25:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.27 06:25:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.02.28 22:31:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.06.20 17:12:30 | 000,000,680 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat [2010.06.17 14:33:34 | 000,003,377 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel [2010.04.19 19:44:01 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.26 11:12:02 | 000,000,356 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat [2010.02.02 13:09:41 | 000,036,864 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.02.2013 10:06:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,39% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 25,99 Gb Free Space | 26,62% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,45 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive E: | 102,72 Gb Total Space | 69,41 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive K: | 998,09 Mb Total Space | 618,06 Mb Free Space | 61,92% Space Free | Partition Type: FAT
Computer Name: ZICKCHEN | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103D5AEB-EC06-4018-AEDB-F61C46F55650}" = lport=2869 | protocol=6 | dir=in | app=system |
"{200395B4-0562-4EB2-91F2-97DF51ECDB6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{27E328F8-150B-4964-A739-855EFEA0EFBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29AC8E20-196F-4DAB-9193-631F30E4B3FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DAD86FF-4320-4AE3-8FC9-0F41D7F73DC8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FE4CF8C-3540-4E6D-AD0D-66A4C4C74544}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3371DBE-2676-4D64-9567-4ECA6B9FF121}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5824866-9253-45F5-B6B4-FFAACAD4D3A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E84898B6-EF4E-4021-97FD-7F8F18F110E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B21F57-F88A-4807-B0BF-9D364CE12DAE}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{1B480C41-A576-49F6-8A75-5BDFE8214D31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DA6E5A4-BA6B-47B0-8051-FDEA01103621}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{38D08874-5702-419E-A99F-361A3B3B5461}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41559505-40EF-4267-B3CE-D8FBC67523E1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{46127179-1A55-4EA9-9B43-5F6C7ED0A91B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{620A0CBF-5464-46A3-8877-399133D0C83F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6F714B06-21A6-4CE3-A7E3-3F269FA1CD17}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{72148869-0ADF-430C-9031-8C084D0964BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7879D537-39D6-4C29-8057-0D9BD66C7D13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{79042F09-2DBF-4672-BF25-79B6045D392A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{997AF9D5-A3A0-4A45-8E0C-F1F3B2A260C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DDA313B-2C95-4186-B6B3-0E8E682FFD1D}" = protocol=6 | dir=out | app=system |
"{A6AA8D40-E994-4B63-BC28-B725848749C4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A87EADEA-1718-4E59-9043-0BE0A2B92AE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9F59B35-7147-468A-9A7F-9A35AA98BCE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7A7FD2-AD12-4323-8E7D-D8BE63BAEDF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dermaniac\counter-strike source\hl2.exe |
"{CE0180FE-28BA-4232-8479-BA5FE764F018}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D59C401D-B79E-400E-9B5A-2AB206EE5AEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3B1469A-8007-4F33-A107-A7A5530A6706}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12C7A48-213F-4191-B450-E21A3EAE9632}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{FD7088E5-C6C0-4908-A866-5A6FAB589AB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dermaniac\counter-strike source\hl2.exe |
"TCP Query User{02EC71DB-B1AE-4163-A329-1A85F4AA635D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{27A5FC6E-F7F3-4E3A-8851-2EE1AED3BA69}C:\program files\poc\pocxxl\bin\pocxxl.exe" = protocol=6 | dir=in | app=c:\program files\poc\pocxxl\bin\pocxxl.exe |
"TCP Query User{47E83B55-1567-4215-A2D4-90B50CA38741}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe |
"TCP Query User{56B8DF67-637A-47D3-BFE4-785349032EB7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{67056295-CD7D-4E4D-B1DF-7EC024A9ABBA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A416C960-DBD1-498A-8B68-2EA4FF066198}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{C271C4F8-7191-492E-BBF6-BD8ABAE1562E}C:\users\sarah\desktop\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_dede.exe |
"TCP Query User{CC1C010A-F444-43E3-BAEA-CC363C8A0B57}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe |
"TCP Query User{F4E5A307-BAEE-4FAA-AF7E-064DCDE775B2}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{F9E20902-77E8-4727-B0C8-496EE17F26FE}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{00146113-E3AF-4184-8724-44BF3FCDE739}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe |
"UDP Query User{0E413FFB-A9C9-4585-B4F5-B8D7D709A698}C:\program files\poc\pocxxl\bin\pocxxl.exe" = protocol=17 | dir=in | app=c:\program files\poc\pocxxl\bin\pocxxl.exe |
"UDP Query User{1DD0C1BF-8B86-49EE-A01B-E22750338C07}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{3FFFDBD6-5A94-4648-A340-4A0C702C1658}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{6960489C-3B3D-42BD-8CD9-A6B59DF7DB2F}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe |
"UDP Query User{90EA4FFD-E7AA-460C-B14B-FEAEE2ED1344}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{97FED9F6-F574-4777-9024-B99CA929E6CB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9FF7EF54-22CB-419F-B2D7-B942E3DE4013}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A282E2A0-939A-4143-A929-4B23DBB347CE}C:\users\sarah\desktop\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_dede.exe |
"UDP Query User{CAA5364A-4413-4457-82D8-E6FD4959D417}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09E4C6A0-AB81-4ADA-9163-DD7B724E0BB6}" = Janosch Vorschule
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{169ADA4A-8079-4CD8-8E20-030B1A54E552}" = CorelDRAW Graphics Suite X6 - DE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{89A48D6A-19C9-4127-AE37-8E11CA08E893}_is1" = Rummi Version 7.1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF200A3-1CAC-462E-990B-EC902279BAAA}" = Microsoft Visual Basic for Applications 7.1 (x86) German
"{A157AC1C-DF44-481A-81E7-17AE00239818}" = Logitech Z-series Software 1.04
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D5E409E8-3AF3-4B19-A291-E27AECC905B3}" = Janosch Vorschule Englisch
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E4C59955-6166-4B64-86DB-E8FBCADFFF16}" = Caillous Kindergarten
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4415576-418A-1721-9177-BB4ADDDC66B3}" = Legalsounds Download Manager
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JTL-Wawi_is1" = JTL-Wawi
"LegalsoundsDownloadManager" = Legalsounds Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Ports Of Call XXL" = Ports Of Call XXL
"RealPlayer 12.0" = RealPlayer
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Steam App 240" = Counter-Strike: Source
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.05.2011 12:24:38 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a,
fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode
0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xad0, Anwendungsstartzeit 01cc1e1ce3e175e2.
Error - 29.05.2011 12:29:16 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a,
fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode
0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xd48, Anwendungsstartzeit 01cc1e1d4b0da190.
Error - 29.05.2011 12:39:52 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a,
fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode
0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xa60, Anwendungsstartzeit 01cc1e1ef1eb7adb.
Error - 10.06.2011 01:18:04 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04.07.2011 17:19:49 | Computer Name = Zickchen | Source = System Restore | ID = 8193
Description =
Error - 25.07.2011 14:35:34 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 09.08.2011 12:10:45 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 06.04.2012 16:59:31 | Computer Name = Zickchen | Source = Avira AntiVir | ID = 4118
Description =
Error - 12.04.2012 14:27:52 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Verbindungsassistent.exe, Version 1.0.0.1, Zeitstempel
0x49ad175c, fehlerhaftes Modul WtgCore.dll, Version 1.0.0.1, Zeitstempel 0x49ad1721,
Ausnahmecode 0xc0000005, Fehleroffset 0x00045351, Prozess-ID 0xf88, Anwendungsstartzeit
01cd18ce2bd2dbcd.
Error - 02.05.2012 17:16:13 | Computer Name = Zickchen | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 13.02.2013 03:48:19 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =
Error - 13.02.2013 03:56:09 | Computer Name = Zickchen | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Samsung CLP-310 Series nicht unter
dem Namen Samsung CLP-310 Series freigeben. Fehler: 2114. Der Drucker kann nicht
von anderen Benutzern im Netzwerk verwendet werden.
Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7001
Description =
Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =
Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7023
Description =
Error - 13.02.2013 04:51:43 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =
Error - 13.02.2013 04:57:48 | Computer Name = Zickchen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.02.2013 um 09:56:49 unerwartet heruntergefahren.
Error - 13.02.2013 04:59:16 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =
Error - 13.02.2013 05:01:06 | Computer Name = Zickchen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.02.2013 um 09:59:39 unerwartet heruntergefahren.
Error - 13.02.2013 05:02:20 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 12:11:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000049 ST332062 rev.3.AD 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\pwdcypoc.sys
---- System - GMER 2.0 ----
SSDT 8C3C53E6 ZwCreateSection
SSDT 8C3C53F0 ZwRequestWaitReplyPort
SSDT 8C3C53EB ZwSetContextThread
SSDT 8C3C53F5 ZwSetSecurityObject
SSDT 8C3C53FA ZwSystemDebugControl
SSDT 8C3C5387 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822EB8D8 4 Bytes [E6, 53, 3C, 8C] {OUT 0x53, AL; CMP AL, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 539 822EBBFC 4 Bytes [F0, 53, 3C, 8C] {PUSH EBX; CMP AL, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 56D 822EBC30 4 Bytes [EB, 53, 3C, 8C] {JMP 0x55; CMP AL, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 5D1 822EBC94 4 Bytes [F5, 53, 3C, 8C] {CMC ; PUSH EBX; CMP AL, 0x8c}
.text ntkrnlpa.exe!KeSetEvent + 619 822EBCDC 4 Bytes [FA, 53, 3C, 8C] {CLI ; PUSH EBX; CMP AL, 0x8c}
.text ...
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] ntdll.dll!LdrLoadDll 77929378 5 Bytes JMP 567A3C70 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!HeapSetInformation + 26 7745A8B0 7 Bytes JMP 567C553C C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!LockResource + C 77476ACB 7 Bytes JMP 56AF6073 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!VirtualAllocEx + 54 7747AF50 7 Bytes JMP 56AF6096 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] GDI32.dll!SetStretchBltMode + 256 7638745C 7 Bytes JMP 56AF5FF4 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e@a8f2743e4926 0x6C 0x46 0xE5 0xF2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e@04180f06dab2 0x52 0xAA 0x95 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e@a8f2743e4926 0x6C 0x46 0xE5 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e@04180f06dab2 0x52 0xAA 0x95 0x00 ...
---- Files - GMER 2.0 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A5.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A6.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A7.log 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A8.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A9.log 0 bytes
---- EOF - GMER 2.0 ----
Geändert von DieSarah (13.02.2013 um 12:28 Uhr) Grund: Log-Files als Code angehängt! |
| Themen zu System Repair auf Vista erfolgreich eliminieren - brauche Hilfe, bitte! |
| ad-aware, antivir, autorun, avira, bluescreen, cdburnerxp, desktop, error, excel, firefox, flash player, google, home, iexplore.exe, install.exe, netzwerk, ntdll.dll, office 2007, plug-in, problem, registry, rundll, scan, security, server, software, svchost.exe, system, vista, visual studio |
Baum-Darstellung