PC keeps crashing after infection with Yahoo e-mail worm - connection?
Windows 7
16.06.2012, 15:19 | #1
Hello, my Yahoo account was infected the day before yesterday by a worm that sent itself to my whole address book. Since yesterday my PC keeps crashing, but no antivirus program finds anything.

On Thursday morning I received a link by e-mail from my father-in-law, which I stupidly opened (mail in Windows Live Mail 2011, URL then in Iron, based on Chromium, on Win 7 HP 32 bit). My wife received the mail too and also opened it, but on a Windows Phone 7, not on the PC. The URL could not be opened in either case; an error 405 message appeared, which could have been faked, though. About 7 hours later a Vietnamese IP logged into my Yahoo account and sent links with a similar format (something with wordpress and googlemail.html at the end, changing domains at the front) to the entire address book. I immediately changed the password and deleted the online address book at Yahoo; my wife did the same. For me it was quiet after that, but for my wife a Greek IP logged in about 30 hours after she had changed the password and also sent these links to the entire address book.

Since yesterday morning (24 h after opening the link) my PC freezes 5-10 minutes after booting, i.e. the display stands still, only the mouse pointer still moves, otherwise no reaction, not even to Ctrl+Alt+Del. Virus scanners find nothing (real-time protection: Sophos with tamper protection, extra scan with Avira from a live CD). AntiMalware finds nothing either. I have followed your instructions as far as possible; the problem is that the PC always freezes, even during the scans. In safe mode I was able to run everything except GMER. GMER ended with a blue screen. The minidump can be uploaded if needed. For now I am attaching all the logs that exist. The OTL goes directly into the thread as requested:

Code:
OTL logfile created on: 15.06.2012 19:37:45 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = D:\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,12 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 71,38% Memory free
6,25 Gb Paging File | 5,48 Gb Available in Paging File | 87,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 27,69 Gb Free Space | 27,69% Space Free | Partition Type: NTFS
Drive D: | 364,66 Gb Total Space | 49,33 Gb Free Space | 13,53% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.15 18:52:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.06.13 15:03:13 | 000,139,800 | ---- | M] (Sophos Limited) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.06.13 17:28:24 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 15:04:29 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012.06.13 15:03:22 | 001,453,080 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe -- (swi_update)
SRV - [2012.06.13 15:03:22 | 000,357,400 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe -- (Sophos Web Control Service)
SRV - [2012.06.13 15:03:13 | 000,139,800 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2012.06.13 15:03:00 | 000,216,600 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012.06.13 15:02:26 | 002,830,360 | ---- | M] (Sophos Limited) [Auto | Stopped] -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.06.26 16:32:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.03.04 18:40:22 | 003,883,432 | ---- | M] (CANON INC.) [Auto | Stopped] -- C:\Programme\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.10 22:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.08.29 14:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Johannes\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.06.15 19:11:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.06.13 15:03:41 | 000,033,696 | ---- | M] (Sophos Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012.06.13 15:03:32 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Stopped] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.11.15 12:51:08 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011.11.15 12:49:43 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011.06.07 09:37:40 | 000,015,928 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\rspAux32.sys -- (rspAux)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.25 07:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.11.20 14:30:18 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:18 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 12:50:40 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:38 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:50:38 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.10 16:56:06 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.09.19 11:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010.09.19 11:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010.09.19 11:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010.09.19 11:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010.09.19 11:01:36 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.02.17 17:12:59 | 011,539,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.12 06:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008.08.29 14:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.klingebiel-design.de/
IE - HKCU\..\SearchScopes,DefaultScope = {888BC754-39F2-4C37-8168-9C99793EEE54}
IE - HKCU\..\SearchScopes\{021909F8-EA94-4A00-B433-47347B513AAF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{888BC754-39F2-4C37-8168-9C99793EEE54}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {c75a27d8-4529-449f-b67b-aba65d7a1c0a}:0.5
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Johannes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 10:15:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.14 22:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.09.07 16:30:49 | 000,000,000 | ---D | M]

[2010.11.06 21:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012.06.14 17:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions
[2012.06.14 17:09:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.22 09:21:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.07 19:16:19 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.06.10 12:25:59 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.20 11:38:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.27 13:21:32 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.05.20 11:38:15 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.06.14 16:48:22 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\inspector@mozilla.org
[2012.02.22 08:58:11 | 000,000,000 | ---D | M] (Minus - Share simply) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\wuhfngp6.default\extensions\jid0-IqTRXaCOez4eRl9nE76oWp1G2iE@jetpack
[2011.02.07 12:45:13 | 000,001,185 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\wuhfngp6.default\searchplugins\am-lat-deu.xml
[2012.02.09 00:41:23 | 000,002,118 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\wuhfngp6.default\searchplugins\utrace.xml
[2012.06.14 22:27:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.14 22:27:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.13 13:07:25 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.05.22 08:37:50 | 000,069,995 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\{C75A27D8-4529-449F-B67B-ABA65D7A1C0A}.XPI
[2012.01.05 20:05:33 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 20:22:28 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.16 19:42:25 | 000,341,918 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2011.11.01 17:10:31 | 000,083,513 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WUHFNGP6.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI
[2012.02.02 10:15:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.12 09:06:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 09:06:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 09:06:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 09:06:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 09:06:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 09:06:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.05.30 14:07:22 | 000,000,905 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 nemetschek.net
O1 - Hosts: 127.0.0.1 vectorworks.net
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Translator) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Programme\PRMT7\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Translate - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Programme\PRMT7\PRMTIE\prmtie5.htm ()
O9 - Extra 'Tools' menuitem : Customize translation options - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Programme\PRMT7\PRMTIE\OPTIONS.HTM ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters:
DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1DDD267-36D0-4427-802C-9AE478D5E963}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ac2313b8-2baa-11e1-b9fc-406186e5119a}\Shell - "" = AutoRun O33 - MountPoints2\{ac2313b8-2baa-11e1-b9fc-406186e5119a}\Shell\AutoRun\command - "" = L:\Setup.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.15 19:11:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.15 10:18:11 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{AA088295-ED44-4E7F-8E0C-EE168452B114} [2012.06.14 22:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.14 21:42:56 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes [2012.06.14 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 21:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 21:42:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.14 21:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.14 21:24:00 | 000,000,000 | ---D | C] -- 
C:\Users\Johannes\AppData\Local\{890E4C94-1921-4F0D-9F88-75E8613BEB52} [2012.06.14 21:23:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{118A0253-8D43-4A64-9015-8F08E89D54C4} [2012.06.14 16:15:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Macromedia [2012.06.14 08:24:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{7367C0E8-E093-4784-AECC-764EF12701EE} [2012.06.14 08:23:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{4CB6289B-9F95-4C3A-B914-F5AD5CA5023B} [2012.06.13 23:49:24 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{70E19AF1-ECD8-45AA-850F-FA613D14C0E6} [2012.06.13 23:49:13 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{876C4741-D43B-4BFC-BE12-0B7FFE2F0AFB} [2012.06.13 15:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.06.13 15:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems [2012.06.13 15:06:01 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe [2012.06.13 15:03:41 | 000,033,696 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys [2012.06.13 15:03:32 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys [2012.06.13 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{AA50886B-CB1D-4655-8DCE-DFEB09D78E92} [2012.06.13 08:34:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{19B21600-4529-4712-8F04-2711D96F0599} [2012.06.12 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{9916097D-2B93-4738-9CEF-9E9AF7FDDC1A} [2012.06.12 20:34:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{DCA8BCEA-46F7-492A-A459-6662826F31DC} [2012.06.12 08:33:19 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{DFE30713-61F2-4D66-9561-97CB16284A06} [2012.06.12 08:33:07 | 000,000,000 | ---D | C] -- 
C:\Users\Johannes\AppData\Local\{88329155-010A-42B4-A875-B082D69916E5} [2012.06.11 09:19:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{36073863-5488-424F-BB30-02025969F567} [2012.06.11 09:19:18 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{103A182B-02C8-4DB6-819A-50FC95BB0A1D} [2012.06.10 10:43:42 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{C3D47369-831B-4BD0-B872-40D5150E463F} [2012.06.10 10:42:38 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{C9206CD1-3FA4-4734-9603-80B03AC9D6B5} [2012.06.07 09:07:30 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{3DCE464F-8E1D-4E80-9AA6-A644EFD98853} [2012.06.07 09:07:01 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{5BEA6CBF-664E-4DEE-BB47-987837492E99} [2012.06.06 20:00:11 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{8024115B-50A7-4F87-BDA4-5F53430A6ADC} [2012.06.06 19:59:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{05CE1A29-6016-41C7-850B-039D667DB632} [2012.06.06 17:44:37 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\MAD [2012.06.06 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GearMage [2012.06.06 17:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\GearMage [2012.06.06 17:43:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Downloaded Installations [2012.06.06 07:59:19 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{CBB9C856-FA76-4E25-B7EC-502264CCEDEF} [2012.06.06 07:58:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{8BD4CC74-82B3-425A-B1E6-87FC41814EC8} [2012.06.05 20:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.06.05 13:28:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{0162BACA-6B9F-4EDA-8F3B-C6FFBE398C0B} [2012.06.05 13:28:38 | 000,000,000 | ---D | C] -- 
C:\Users\Johannes\AppData\Local\{9248CA24-0EE1-461B-9EB9-8EC269AFE5A4} [2012.06.05 08:16:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{461CC06B-3A85-4800-BAA7-089683A29054} [2012.06.05 08:16:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{DC9D7A8F-DD7C-4EB6-8A92-5601590B04B5} [2012.06.04 09:30:53 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{D1995E49-C9AB-440A-895F-5DB6A604B59F} [2012.06.04 09:30:43 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{666F7C67-CF89-46D9-8FA4-22BD5B84BB5F} [2012.06.03 10:16:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{AAE75CBC-5F72-46C9-863E-24D26E609061} [2012.06.03 10:16:43 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{B34B50CE-7C3D-46EE-9854-83AB28AC56ED} [2012.06.02 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{0E161234-FFF0-4303-B862-6F1F6EAB3DFC} [2012.06.02 10:49:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{69030007-56A3-48BC-B74B-6DB9AEA36CCE} [2012.06.01 09:57:43 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{365D1731-21C6-4107-86E3-89AAC9657CF4} [2012.06.01 09:57:21 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{9EF5DE0A-3479-48E5-AFF3-7F4927E5AD3E} [2012.05.31 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{E56283F1-072B-41BF-9D3D-EFFF89683A4D} [2012.05.31 21:56:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{04916CA1-9C2D-4DCE-B07C-44CDCECBA30D} [2012.05.31 07:49:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{422F6870-0981-4D80-AC16-6C5D57625387} [2012.05.31 07:48:44 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{D5DA5BB4-3FC1-44FE-B92C-A8AF9CF332EE} [2012.05.30 14:25:58 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\KSPrograms [2012.05.30 14:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Reverse Algorithm [2012.05.30 11:07:57 | 000,000,000 | ---D | C] -- 
C:\Users\Johannes\AppData\Local\{B57A87C8-A84F-4EAB-A60F-20BE03B24C5C} [2012.05.30 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{41F68021-4978-4C6D-A4FE-73E90A5D8E67} [2012.05.29 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{9990EB2D-935F-4CD3-95F0-DBD4A58620E1} [2012.05.29 09:46:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Google [2012.05.29 09:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.05.29 09:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8 [2012.05.29 09:00:20 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{FF6EF246-83EE-499E-A074-8AD82EA461D1} [2012.05.29 09:00:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{FB456BAF-2BC9-4454-AFC4-F5EF930AB00B} [2012.05.28 17:20:15 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Wolfgang&Tanja Hochzeit [2012.05.28 11:23:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{EB052C1B-C949-466F-86E1-542AC36146AF} [2012.05.28 11:23:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{842F63A3-B2AA-406F-8B45-7365E84217C0} [2012.05.27 10:15:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{F4E0CB1E-F59C-4A94-A636-075863C42DEC} [2012.05.27 10:15:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{9A2B8BD6-48F6-499E-A61F-7980621AF3A2} [2012.05.26 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{D5841CD9-FA9E-4E70-A3A3-74BE9BE41269} [2012.05.26 11:03:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{6B4760EA-B8B3-47D0-8F0F-02ABCB23690F} [2012.05.25 08:32:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{CF118ECA-5AED-4510-B9D7-5D4B56E5A902} [2012.05.25 08:32:01 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{986811C7-260B-4A59-8911-4187FE3D4D4F} [2012.05.24 08:29:43 | 000,000,000 | ---D | C] -- 
C:\Users\Johannes\AppData\Local\{8AEC26BF-D047-4D37-BAEA-BCD69A27FDA0} [2012.05.24 08:29:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{D7360572-72CB-4173-98FE-F7FA2ED6271B} [2012.05.23 20:57:21 | 000,978,432 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\System32\libiconv2.dll [2012.05.23 10:23:30 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{92D8F06C-D73F-4AE8-8637-A70354BB600E} [2012.05.23 10:23:15 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{2BBA466B-FC0E-4003-BD00-748088CFCFE1} [2012.05.22 07:59:09 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{DEA648C4-CA66-4C5C-8526-F2DF33D880E6} [2012.05.22 07:58:58 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{74EC38F5-B567-4429-83FF-72B4F41BBAB1} [2012.05.20 11:37:38 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{283063FF-F525-4563-B00F-68BF5285E6F0} [2012.05.20 11:37:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{7AEBF9B2-3BC6-4FBA-857E-1E40E0A2B348} [2012.05.19 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{64163145-060C-4E2A-A8BC-DE1427A52ED4} [2012.05.19 12:43:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{A5AF4E62-8AAC-46BD-8AC6-6CCD19A8407D} [2012.05.18 07:52:21 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{046BEF64-8D28-4E9F-BA5D-80530D0820D5} [2012.05.18 07:52:06 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{7FA15043-3622-42B4-83E1-D40A878743DE} [2012.05.17 18:10:35 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{58589DBD-1E9D-477C-B7CD-A38B5DAE9C10} [2012.05.17 18:10:24 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{45CC308C-21DD-4A13-BF9A-1630FA275EC6} [2012.05.16 20:00:22 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{E21DBF0F-366F-4C68-B3CD-11461549B341} [2012.05.16 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\{3B5753C2-94BD-4153-AA2B-3D61FDE89977} [3 
C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.15 19:16:10 | 000,654,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.15 19:16:10 | 000,615,924 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.15 19:16:10 | 000,129,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.15 19:16:10 | 000,106,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.15 19:11:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.06.15 19:09:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.15 19:09:30 | 2515,247,104 | -HS- | M] () -- C:\hiberfil.sys [2012.06.15 18:56:21 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 18:56:21 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.15 18:51:46 | 000,000,000 | ---- | M] () -- C:\Users\Johannes\defogger_reenable [2012.06.15 18:49:34 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.15 18:48:33 | 004,069,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.15 10:33:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.15 10:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 21:42:49 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.13 17:27:12 | 000,000,680 | RHS- | M] () -- C:\Users\Johannes\ntuser.pol [2012.06.13 15:03:41 | 000,033,696 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\sdcfilter.sys [2012.06.13 15:03:33 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe [2012.06.13 15:03:32 | 
000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys [2012.06.11 11:27:44 | 000,007,611 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg [2012.06.05 14:06:25 | 000,008,016 | ---- | M] () -- D:\Desktop\Namenlos-4.pdf [2012.06.02 17:54:21 | 000,060,928 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.02 12:41:37 | 000,001,059 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.06.02 11:34:18 | 000,000,391 | ---- | M] () -- D:\Desktop\backup examensarbeit.bat [2012.05.29 12:24:03 | 000,041,588 | ---- | M] () -- D:\Desktop\Konto - Inlandsüberweisung.pdf [2012.05.29 10:43:09 | 000,011,670 | ---- | M] () -- D:\Desktop\Wolfgang-Borchert-Theater.pdf [2012.05.29 10:21:02 | 000,090,968 | ---- | M] () -- D:\Eigene Dokumente\Modell.skp [2012.05.29 10:08:28 | 000,017,507 | ---- | M] () -- D:\Eigene Dokumente\Modell.skb [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.15 18:51:46 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\defogger_reenable [2012.06.14 21:42:49 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.05 14:06:19 | 000,008,016 | ---- | C] () -- D:\Desktop\Namenlos-4.pdf [2012.05.29 12:24:01 | 000,041,588 | ---- | C] () -- D:\Desktop\Konto - Inlandsüberweisung.pdf [2012.05.29 10:43:09 | 000,011,670 | ---- | C] () -- D:\Desktop\Wolfgang-Borchert-Theater.pdf [2012.05.29 10:21:02 | 000,017,507 | ---- | C] () -- D:\Eigene Dokumente\Modell.skb [2012.05.29 10:08:27 | 000,090,968 | ---- | C] () -- D:\Eigene Dokumente\Modell.skp [2012.05.23 20:57:22 | 005,875,200 | ---- | C] () -- C:\Windows\System32\pdftk.exe [2012.05.05 13:58:57 | 004,069,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.28 17:43:24 | 000,011,910 | 
---- | C] () -- C:\Windows\System32\Genmidi.dll [2012.04.28 17:43:24 | 000,011,910 | ---- | C] () -- C:\Windows\Genmidi.dll [2012.04.20 19:30:10 | 000,003,821 | ---- | C] () -- C:\Windows\luther.ini [2012.02.22 21:32:00 | 000,001,472 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2012.01.14 18:00:51 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat [2011.11.06 09:53:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.11.06 09:53:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.09.24 12:08:49 | 000,038,420 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Microsoft Excel 97-2003.ADR [2011.09.24 12:07:28 | 000,038,423 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.09.24 12:04:59 | 000,038,431 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2011.09.24 11:59:14 | 000,038,427 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.07.13 07:44:11 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\AppData\Local\PUTTY.RND [2011.07.13 07:15:08 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\winscp.rnd [2011.07.08 15:17:43 | 000,000,555 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\AutoGK.ini [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.03.10 15:20:14 | 000,132,608 | ---- | C] () -- C:\Windows\System32\gswin32c.exe [2011.03.10 14:59:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\bbox.exe [2011.02.17 12:53:44 | 010,977,280 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.11.17 12:08:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.11.12 20:22:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.09 21:14:29 | 000,060,928 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.09 20:12:23 | 000,007,611 | ---- 
| C] () -- C:\Users\Johannes\AppData\Local\Resmon.ResmonCfg [2010.11.09 19:16:05 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.11.09 12:18:29 | 001,982,464 | ---- | C] () -- C:\Windows\System32\bwbits70.dll [2010.11.09 12:18:29 | 000,181,760 | ---- | C] () -- C:\Windows\System32\patchw32.dll [2010.11.09 12:18:29 | 000,116,736 | ---- | C] () -- C:\Windows\System32\patchw.dll [2010.11.09 12:18:29 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bwplay.exe [2010.11.09 12:18:29 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2010.11.09 12:18:29 | 000,020,992 | ---- | C] () -- C:\Windows\System32\bwntsend.dll [2010.11.09 12:18:29 | 000,016,896 | ---- | C] () -- C:\Windows\System32\bwnthook.dll [2010.11.06 21:22:10 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\wklnhst.dat [2010.11.06 20:54:58 | 000,000,044 | ---- | C] () -- C:\Windows\System32\IsConfig.ini ========== LOP Check ========== [2012.06.13 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.purple [2011.02.01 21:28:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Audacity [2012.04.29 12:11:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Babylon [2011.11.02 11:10:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.11.21 13:45:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\com.adobe.newhope.NHProject.edu.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2011.02.13 21:01:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CrypTool [2011.03.18 16:05:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DeepBurner [2012.01.14 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DonationCoder [2012.06.15 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Dropbox [2010.12.11 12:02:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\EAC 
[2011.12.09 15:39:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\elsterformular [2010.11.06 21:49:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\enchant [2012.06.14 18:33:29 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\foobar2000 [2011.11.06 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FreePDF [2012.04.17 21:37:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FRITZ! [2012.04.17 21:30:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.02.06 07:57:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gpdf2swf [2012.05.31 08:27:12 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\gtk-2.0 [2011.02.19 19:13:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ICAClient [2010.11.23 12:43:40 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\inkscape [2011.01.23 12:09:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\IrfanView [2012.06.13 18:44:21 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Mp3tag [2011.08.10 11:14:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nokia [2011.08.10 11:14:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nokia Ovi Suite [2010.11.08 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Notepad++ [2012.02.27 09:35:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera [2011.08.10 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PC Suite [2010.11.21 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Project MT [2011.09.04 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Simfy [2011.09.18 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SmartTools [2012.04.28 17:33:26 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Steinberg [2012.03.08 12:21:28 | 
000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Subversion [2012.01.22 17:39:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TeamViewer [2010.11.06 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Template [2011.03.26 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TIPP10 [2010.11.10 17:21:52 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TrueCrypt [2012.05.26 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TV-Browser [2010.11.06 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2012.05.22 19:52:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\uTorrent [2011.07.19 07:21:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Windows Live Writer [2011.12.06 10:33:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\xrecode2 [2012.04.18 17:29:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Regards, Johannes

Edited by 2xJoe (16.06.2012 at 16:02). Reason: OTL log now pasted directly into the thread |
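An OTL report of this length is easier to read if the entry classes an analyst looks at first (autostart entries, MountPoints2 autorun handlers, AppInit_DLLs hooks, entries that point at files which no longer exist, executables with no publisher string) are pulled out and ranked. The following is an added example written for this thread; it is not part of the original post and not code from OTL or its author. The section weights are this example's own heuristic, and SAMPLE_LOG is a constructed input made of seven lines copied verbatim from the report above.

```python
"""Triage helper for OTL-style log entries.

Added example for this thread; not part of the original post and not code
from OTL or its author. It scores the entry classes an analyst reads first
in an OTL report so the report can be worked through in priority order.
The weights below are this example's own heuristic, not an OTL convention.
"""
import re
from dataclasses import dataclass, field

# Entry classes worth a first look, with a short note and a base weight
# (the weights are assumptions made for this example).
SECTION_NOTES = {
    "O4": ("autostart entry (Run key or Startup folder)", 2),
    "O8": ("IE context menu handler", 1),
    "O9": ("IE extra button / Tools menu item", 1),
    "O16": ("ActiveX (DPF) download", 1),
    "O20": ("Winlogon or AppInit_DLLs hook", 3),
    "O32": ("CD-ROM AutoRun policy", 1),
    "O33": ("MountPoints2 autorun handler for removable media", 3),
}

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# OTL ends most file entries with the publisher in parentheses, "()" if none.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")


@dataclass
class Finding:
    section: str
    text: str
    score: int
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Score one OTL entry; returns None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    note, weight = SECTION_NOTES.get(section, ("other", 0))
    finding = Finding(section, line.strip(), weight, [note] if weight else [])
    if "File not found" in body:
        finding.score += 1
        finding.reasons.append("points at a file that no longer exists")
    if section == "O33" and "command" in body:
        finding.score += 2
        finding.reasons.append("cached autorun command for a removable drive")
    if section == "O20" and "AppInit_DLLs" in body:
        finding.score += 2
        finding.reasons.append("DLL loaded into every process that loads user32.dll")
    pub = PUBLISHER_RE.search(body)
    if pub is not None and not pub.group(1).strip():
        finding.score += 2
        finding.reasons.append("executable without a publisher string")
    return finding


def triage(log_text, threshold=3):
    """Return entries scoring at or above threshold, highest score first."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: -f.score)


# Constructed sample input: seven entries copied verbatim from the report above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ac2313b8-2baa-11e1-b9fc-406186e5119a}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.section}: {'; '.join(f.reasons)}")
        print(f"      {f.text}")
```

The score says where to look first, not that an entry is malicious. On the sample above the two highest-scoring entries are the AppInit_DLLs hook of the installed Sophos product (sophos_detoured.dll, signed Sophos Limited) and a cached MountPoints2 autorun command from a disc that was once inserted; both need a glance, neither is a finding on its own. Entries marked "File not found" reference files that no longer exist and cannot execute anything; they are leftovers to clean up, not evidence of infection.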
17.06.2012, 18:58 | #2 |
| PC keeps crashing after infection with Yahoo e-mail worm - connection? Judging by the other threads here and on chip.de about the current Yahoo worm, I seem to be the only one whose PC is affected. Maybe it really has nothing to do with the Yahoo worm at all and was just a stupid coincidence in my case.
The odd thing is that my wife's Yahoo account was accessed without authorization after she had already changed the password. Maybe there was/is simply a weakness in Yahoo's API that allows access to the account without the password? Possibly with the help of the IP addresses of the victims who clicked the link? In other words, by my clicking the link or loading the HTML of the infected mail, the hacker/bot/whatever obtained my e-mail address plus my current IP and could use that to fake a login at Yahoo without having the password. A trojan that planted a keylogger should surely be detected by the virus scanners, shouldn't it? I don't get it... |