| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Zwei Plagegeister entdeckt: ShellChanger und AgentWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.07.2013, 15:01
| #1 |
 |  Zwei Plagegeister entdeckt: ShellChanger und Agent Hallo zusammen, mein Antivir hat zwei Schädlinge entdeckt: - TR/ShellChanger.aaa - JS/Agent.480412 Da ich beim ersten googlen etwas von "nur neu aufsetzen hilft" gelesen habe und ich das - wenn möglich - vermeiden möchte, wende ich mich an euch. Ich wäre dankbar, wenn ihr euch das Thema mal anschauen und euer Urteil abgeben würdet. Ich habe die 3 Schritte (defogger/OTL/Gmer), anbei die Logs: OTL.txt: OTL logfile created on: 20.07.2013 11:46:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tina\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,37 Mb Total Physical Memory | 638,01 Mb Available Physical Memory | 62,83% Memory free 2,39 Gb Paging File | 2,04 Gb Available in Paging File | 85,63% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 16,74 Gb Free Space | 57,15% Space Free | Partition Type: NTFS Drive D: | 272,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 45,15 Gb Total Space | 42,78 Gb Free Space | 94,76% Space Free | Partition Type: NTFS Computer Name: LAPTOPMAMA | User Name: Tina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Tina\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Programme\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Canon\IJPLM\ijplmsvc.exe () MOD - C:\Programme\StarMoney 8.0 S-Edition\ouservice\patchw32.dll () MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Programme\Adobe Reader 8.0\Reader\ViewerPS.dll () MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll () ========== Services (SafeList) ========== SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (BrUsbSIb) -- C:\WINDOWS\system32\drivers\BrUsbSib.sys (Brother Industries Ltd.) DRV - (BrSerIb) -- C:\WINDOWS\system32\drivers\BrSerIb.sys (Brother Industries Ltd.) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (s125mgmt) -- C:\WINDOWS\system32\drivers\s125mgmt.sys (MCCI Corporation) DRV - (s125obex) -- C:\WINDOWS\system32\drivers\s125obex.sys (MCCI Corporation) DRV - (s125mdm) -- C:\WINDOWS\system32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\WINDOWS\system32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) -- C:\WINDOWS\system32\drivers\s125bus.sys (MCCI Corporation) DRV - (s116unic) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (CyUsbNT) -- C:\WINDOWS\system32\drivers\CyUsbNT.sys (Cypress Semiconductor) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=367381ea-e639-49d7-b75a-e3460eac9ecd&apn_sauid=9F7F1CD0-2433-46D3-BBF2-BE2AE0704CE3 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-IDW&o=APN10023&src=crm&q={searchTerms}&locale=&apn_ptnrs=LL&apn_dtid=YYYYYYYYDE&apn_uid=367381ea-e639-49d7-b75a-e3460eac9ecd&apn_sauid=9F7F1CD0-2433-46D3-BBF2-BE2AE0704CE3 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-839522115-2147040963-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-839522115-2147040963-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.stuempflhof-shop.de/" FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120515 FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\12001.041 [2012.07.14 22:34:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.05.29 11:58:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.04 09:19:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\12001.041 [2012.07.14 22:34:30 | 000,000,000 | ---D | M] [2009.05.21 10:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Extensions [2009.05.21 10:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.05.22 01:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\extensions [2011.03.27 15:56:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.05.22 01:14:43 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009.05.21 10:40:10 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\extensions\moveplayer@movenetworks.com [2008.05.30 07:35:42 | 000,002,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\searchplugins\daemon-search.xml [2012.07.09 22:48:39 | 000,002,112 | ---- | M] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\searchplugins\suche.xml [2008.11.25 22:49:30 | 000,001,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Mozilla\Firefox\Profiles\zy7n7e4l.default\searchplugins\wikipedia-eng.xml [2013.02.19 10:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.04 09:19:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.19 10:02:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2012.10.04 09:19:10 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.07.14 22:34:30 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINDOWS\SYSTEM32\12001.041 [2012.05.29 11:58:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.15 20:03:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.15 20:03:09 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.04.15 20:03:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.04.15 20:03:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.15 20:03:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.15 20:03:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-839522115-2147040963-725345543-1004\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Programme\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 8901 = C:\DOKUME~1\ALLUSE~1\LOCALS~1\Temp\msdubmna.cmd O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-839522115-2147040963-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKU\S-1-5-21-839522115-2147040963-725345543-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-839522115-2147040963-725345543-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4253854A-1A8D-439F-9AAC-A997BC8A76A0}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.29 20:06:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011.03.05 18:02:06 | 000,000,028 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{09cc3576-5267-11dd-ba9b-0015c56979e3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O33 - MountPoints2\{4092f48a-2e0a-11dd-9848-00166fb40347}\Shell - "" = AutoRun O33 - MountPoints2\{4092f48a-2e0a-11dd-9848-00166fb40347}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4092f48a-2e0a-11dd-9848-00166fb40347}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{4092f48a-2e0a-11dd-9848-00166fb40347}\Shell\configure\command - "" = H:\SETUP.EXE O33 - MountPoints2\{4092f48a-2e0a-11dd-9848-00166fb40347}\Shell\install\command - "" = H:\SETUP.EXE O33 - MountPoints2\{6c72a879-5663-11dd-baa9-0015c56979e3}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.20 11:25:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tina\Desktop\OTL.exe [2013.07.20 10:29:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Tina\Recent [2013.07.20 09:59:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0 [2013.07.20 09:59:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\StarMoney 8.0 S-Edition [2013.07.20 09:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome [2013.07.20 09:51:48 | 000,000,000 | ---D | C] -- C:\Programme\Business Objects [2013.07.20 09:49:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\StarFinanz [2013.07.20 09:49:08 | 000,000,000 | ---D | C] -- C:\Programme\StarMoney 8.0 S-Edition [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.20 11:50:00 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.07.20 11:39:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.07.20 11:39:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.07.20 11:32:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.07.20 11:32:42 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.07.20 11:31:14 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Tina\defogger_reenable [2013.07.20 11:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tina\Desktop\OTL.exe [2013.07.20 09:59:36 | 000,001,746 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarMoney 8.0 S-Edition.lnk [2013.07.20 09:21:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.07.14 19:36:09 | 000,471,420 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.07.14 19:36:09 | 000,451,570 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.07.14 19:36:09 | 000,089,936 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.07.14 19:36:09 | 000,075,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.06.30 00:46:12 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\skype.ini [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.20 11:30:33 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Tina\defogger_reenable [2013.07.20 09:59:36 | 000,001,746 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarMoney 8.0 S-Edition.lnk [2013.07.20 09:46:08 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.07.20 09:46:06 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.06.30 00:37:26 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\skype.ini [2013.02.28 23:45:47 | 000,002,746 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\906753.js [2013.02.28 23:44:45 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\906753.pad [2012.12.08 10:38:36 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2012.12.08 10:38:36 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2012.12.08 10:37:41 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI [2012.12.08 10:37:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2012.12.08 10:37:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2012.12.08 10:36:27 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini [2012.12.08 10:36:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2012.11.04 23:29:22 | 000,050,163 | ---- | C] () -- C:\Dokumente und Einstellungen\Tina\ms.exe [2012.02.19 00:01:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.18 23:58:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.14 22:28:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008.10.10 19:08:27 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008.10.08 22:07:57 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat [2008.06.04 09:48:34 | 000,065,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Tina\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004.08.04 12:00:00 | 000,070,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\skype.dat ========== ZeroAccess Check ========== [2008.06.04 00:23:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2013.05.29 09:41:25 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.29 21:14:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP [2012.09.29 21:14:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2 [2012.12.01 23:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM [2012.09.29 21:39:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSDU [2012.09.29 21:14:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX [2012.09.29 20:29:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt [2012.12.08 10:36:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ControlCenter4 [2009.03.17 19:03:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.12.17 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2008.06.12 20:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2008.10.10 19:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2013.07.20 09:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0 [2009.05.21 10:34:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.07.15 15:50:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.08.09 19:44:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\2050953 [2012.02.18 23:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\AskToolbar [2012.09.29 21:14:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Canon [2012.12.08 10:43:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\ControlCenter4 [2009.05.21 10:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\DAEMON Tools [2012.04.14 20:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\DAEMON Tools Lite [2009.05.21 10:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\DAEMON Tools Pro [2011.12.13 21:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Puomid [2012.03.20 10:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\pyljwfrrt [2011.12.13 22:32:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tina\Anwendungsdaten\Syby ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\WINDOWS:5F2880A7D99BCA53 @Alternate Data Stream - 229 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8FF81EB0 < End of report > 2. EXTRAS.txt: OTL Extras logfile created on: 20.07.2013 11:46:51 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tina\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,37 Mb Total Physical Memory | 638,01 Mb Available Physical Memory | 62,83% Memory free 2,39 Gb Paging File | 2,04 Gb Available in Paging File | 85,63% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 29,29 Gb Total Space | 16,74 Gb Free Space | 57,15% Space Free | Partition Type: NTFS Drive D: | 272,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 45,15 Gb Total Space | 42,78 Gb Free Space | 94,76% Space Free | Partition Type: NTFS Computer Name: LAPTOPMAMA | User Name: Tina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-839522115-2147040963-725345543-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*  isabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:* isabled:Microsoft Office Groove -- (Microsoft Corporation)"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:* isabled:Microsoft Office OneNote -- (Microsoft Corporation)"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe:* isabled:igd_finder"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\_ISTMP1.DIR\_INS5576._MP" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\_ISTMP1.DIR\_INS5576._MP:* isabled:InstallShield Engine"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "D:\fsetup.exe" = D:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1ED9C6A0-AEF8-44B4-9791-482A7BED12F4}" = StarMoney 8.0 S-Edition "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für ScanWizard "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B502755-0370-4DDD-BA68-D87AA4CE1A22}" = Panorama Viewer "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J825DW "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.20.0001 "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "ENTERPRISE" = Microsoft Office Enterprise 2007 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "InterActual Player" = InterActual Player "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero BurnRights!UninstallKey" = Nero BurnRights "NeroMultiInstaller!UninstallKey" = Nero Suite "Picasa 3" = Picasa 3 "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "VLC media player" = VLC media player 0.9.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-839522115-2147040963-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.03.2013 10:40:26 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:26.046]: [00002596]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0.. Error - 20.03.2013 10:40:26 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:26.062]: [00002596]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 20.03.2013 10:40:26 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:26.062]: [00002596]: Initialize TwdsMain Class failed! Error - 20.03.2013 10:40:27 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:27.265]: [00002596]: BrStiIf: GetDeviceList Failed! pStiInfo = 0x0.. Error - 20.03.2013 10:40:27 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:27.281]: [00002596]: ##### Fatal ERROR!! Create STI-device failed! ##### Error - 20.03.2013 10:40:27 | Computer Name = LAPTOPMAMA | Source = Brother BrLog | ID = 1001 Description = TWN BrtTWN: [2013/03/20 15:40:27.281]: [00002596]: Initialize TwdsMain Class failed! Error - 14.07.2013 13:22:35 | Computer Name = LAPTOPMAMA | Source = System.ServiceModel.Install 3.0.0.0 | ID = 0 Description = WMI classes are not installed. Error - 20.07.2013 04:02:17 | Computer Name = LAPTOPMAMA | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.07.2013 04:02:17 | Computer Name = LAPTOPMAMA | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.07.2013 05:38:05 | Computer Name = LAPTOPMAMA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ OSession Events ] Error - 07.12.2008 17:37:57 | Computer Name = BLUBB | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17021 seconds with 780 seconds of active time. This session ended with a crash. [ System Events ] Error - 20.07.2013 05:35:31 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:36:38 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:37:08 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:37:38 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:38:08 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:38:38 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:39:08 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:39:38 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:40:08 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.07.2013 05:40:38 | Computer Name = LAPTOPMAMA | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > 3. Gmer.txt GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-20 15:45:56 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541080G9AT00 rev.MB4OA61A 74,53GB Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Tina\LOKALE~1\Temp\uwtdqkow.sys ---- System - GMER 2.1 ---- SSDT F7BCA72C ZwClose SSDT F7BCA6E6 ZwCreateKey SSDT F7BCA736 ZwCreateSection SSDT F7BCA6DC ZwCreateThread SSDT F7BCA6EB ZwDeleteKey SSDT F7BCA6F5 ZwDeleteValueKey SSDT F7BCA727 ZwDuplicateObject SSDT F7BCA6FA ZwLoadKey SSDT F7BCA6C8 ZwOpenProcess SSDT F7BCA6CD ZwOpenThread SSDT F7BCA74F ZwQueryValueKey SSDT F7BCA704 ZwReplaceKey SSDT F7BCA740 ZwRequestWaitReplyPort SSDT F7BCA6FF ZwRestoreKey SSDT F7BCA73B ZwSetContextThread SSDT F7BCA745 ZwSetSecurityObject SSDT F7BCA6F0 ZwSetValueKey SSDT F7BCA74A ZwSystemDebugControl SSDT F7BCA6D7 ZwTerminateProcess ---- Devices - GMER 2.1 ---- Device \FileSystem\Fastfat \Fat A9392D20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xA1 0xF4 0x03 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xDF 0x46 0xE8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x48 0x4B 0xAE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x74 0x6C 0xBF 0xEF ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0xA1 0xF4 0x03 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0xDF 0x46 0xE8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x93 0x48 0x4B 0xAE ... ---- EOF - GMER 2.1 ---- Beste Grüße abcMartina |
| Themen zu Zwei Plagegeister entdeckt: ShellChanger und Agent |
| adobe, antivir, avg, avira, avira searchfree toolbar, bho, canon, einstellungen, error, excel, failed, fatal error, fehler, firefox, flash player, format, google, helper, hijack, home, intranet, logfile, plug-in, registry, rundll, scan, security, software, starmoney, temp, udp |
Baum-Darstellung