Pests of all kinds and how to fight them: Unauthorized remote access to my computer? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

10.10.2012, 09:49 | #1
Unauthorized remote access to my computer?

Good morning, the day before yesterday I read up on the "Netbus" program on Wikipedia, then searched for sysedit.exe on my system, and bingo, found it. When I wanted to search for and look at sysedit.exe again yesterday morning, it was nowhere to be found. Otherwise I don't really have any problems with my PC. The day before yesterday, all page requests in Firefox suddenly seemed to be routed through a phishing site; at least the WEB.DE toolbar reported it, apparently blocked it and issued a warning. A friend prompted me to look into this. We are in a group together, and there is someone in it whom we unfortunately suspect of making unauthorized remote accesses, especially to my friend's computer. She constantly has problems with her PC, which a reinstall did not reduce; or rather, she had 4 days of peace and then it started again. What can I do now, or what should I do now? I have Avira Internet Security on my computer; it hasn't reported anything. Kind regards, janeway

Here is my OTL log: OTL Logfile: Code:
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.19 07:59:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 04:49:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 04:49:20 | 000,000,000 | ---D | M] [2012.09.26 16:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.09.26 16:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.10.03 12:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions [2012.05.19 08:10:13 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.10.09 04:51:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.20 07:45:17 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.10.03 06:34:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e22c6l5h.default\extensions\foxmarks@kei.com [2012.08.29 07:30:45 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\extensions\toolbar@web.de.xpi [2012.07.25 19:50:37 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.08.01 00:26:52 | 000,002,497 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\searchplugins\SearchResults.xml [2011.08.25 11:17:38 | 000,004,140 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e22c6l5h.default\searchplugins\youtube.xml [2012.03.18 06:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.08.20 22:37:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.23 08:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2011.12.23 08:00:25 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de [2012.09.09 04:49:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- 
C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.20 06:00:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 04:49:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.20 06:00:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 06:00:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.01 00:26:52 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2012.06.20 06:00:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 06:00:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User 
Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Multimedia 
Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DealPly = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_1\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) 
O2 - BHO: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll () O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (UrlHelper Class) - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (jZip Toolbar) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [FixMyRegistry] C:\Program Files (x86)\SmartTweak Software\FixMyRegistry\FixMyRegistry.exe () O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [HW_OPENEYE_OUC_Mobile Partner] C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe () O4 - HKCU..\Run: [TomTomHOME.exe] M:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E9259C5-6CD2-484A-A14E-62D3193B2BA7}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE27E9D9-CBA2-4A79-AC25-4AD2A9C086D5}: NameServer = 193.189.244.206 193.189.244.225 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll (Discordia, LTD) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\tomtomhome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.18 12:26:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.10.18 00:00:00 | 000,000,074 | R--- | M] () - G:\autorun.inf -- [ UDF ] O33 - MountPoints2\{9a0a1a39-3b4c-11e1-89d6-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{9a0a1a39-3b4c-11e1-89d6-005056c00008}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL N:\Start.hta O33 - MountPoints2\{f6bfdb0d-56d6-11e1-853f-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{f6bfdb0d-56d6-11e1-853f-005056c00008}\Shell\AutoRun\command - "" = N:\AutoRun.exe O33 - MountPoints2\{f6bfdb29-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun O33 - MountPoints2\{f6bfdb29-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe O33 - MountPoints2\{f6bfdb4b-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun O33 - MountPoints2\{f6bfdb4b-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe O33 - MountPoints2\{f6bfdb57-56d6-11e1-853f-001e101f1843}\Shell - "" = AutoRun O33 - MountPoints2\{f6bfdb57-56d6-11e1-853f-001e101f1843}\Shell\AutoRun\command - "" = N:\AutoRun.exe O34 - 
HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 07:47:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.09 22:33:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{341A9EC9-066C-435F-BEBF-D1EFE1640C77} [2012.10.09 10:33:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5882ADBA-1A87-4D43-9445-17F30E02EF48} [2012.10.08 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5E9C5A0A-A77F-46B4-8B07-6024C3F5D929} [2012.10.08 10:32:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{338B9490-755D-4C98-8AC1-36CAEAB94142} [2012.10.07 22:32:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{06EE4724-1238-4A48-B2F1-F19B805F0650} [2012.10.07 19:23:28 | 000,000,000 | ---D | C] -- C:\Users\***\von mausi [2012.10.07 10:09:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6828345-D609-493F-85CC-A4F359EBA12B} [2012.10.06 20:29:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{ADF786B3-CAF6-4B8B-89BF-5CE885BEA87B} [2012.10.06 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\vw [2012.10.06 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\VisualRoute [2012.10.06 14:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VisualRoute Lite Edition [2012.10.06 08:28:56 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{4539CABC-DBE8-43F6-BA88-8C4F05486006} [2012.10.05 20:48:43 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.10.05 20:48:43 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.10.05 20:48:43 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.10.05 20:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.05 20:48:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2012.10.05 20:47:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.10.05 20:28:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8C6D5BAA-E7C9-431C-815A-A2D926B05905} [2012.10.05 10:54:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MFAData [2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.10.05 10:54:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Avg2013 [2012.10.05 08:27:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6FC48A87-5CB1-4C3D-9254-AA9FEDBDCEF1} [2012.10.04 20:27:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B89D56CD-FD38-4D93-B3D4-4C02D1A67F1A} [2012.10.04 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{39B8E43D-D3E3-44FC-AB30-C83B3559D081} [2012.10.03 20:26:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FCC8708B-4EC4-4CDE-A5DC-F7328F32F8BC} [2012.10.03 12:15:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager [2012.10.03 12:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager [2012.10.03 12:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager [2012.10.03 08:25:53 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Local\{D3E12DA0-0061-4767-B715-36737DBDAF5C} [2012.10.02 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E495F7A4-DA22-46E8-A2E0-70BB7488B7C4} [2012.10.02 08:24:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5247DC70-D775-43EE-99D1-E01812E4EE3A} [2012.10.01 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5D2160F0-C1E2-498A-A190-B710A39B227A} [2012.10.01 08:23:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50F5567D-F5A3-4F98-B49D-741C5E9D5641} [2012.09.30 20:23:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9CCC32C1-8761-4331-8F8E-FF66042BC164} [2012.09.30 08:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E88555E4-B271-4650-BD95-EF8ED10ECFE3} [2012.09.29 20:22:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0EBFFCF6-4095-43E6-9BD9-AF20A4F55377} [2012.09.29 08:21:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D49A605F-B15B-4A7F-AF4C-B875B300D93E} [2012.09.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F361DBDE-F589-40A6-9B60-9E01D609A445} [2012.09.28 08:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{93FAF486-61C4-4BED-AF15-7B425AAD8416} [2012.09.27 20:20:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50C1C0A1-494B-42E8-8E78-F54BC810CE2E} [2012.09.27 08:19:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{86C4BEA0-5891-4DFA-8401-1576809E69DF} [2012.09.26 20:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{3D67FCE9-9D3F-450E-BB4B-2687F255475B} [2012.09.26 16:51:08 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TomTom [2012.09.26 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TomTom [2012.09.26 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TomTom [2012.09.26 16:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [2012.09.26 16:49:19 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\TomTom International B.V [2012.09.26 16:48:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations [2012.09.26 08:19:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4BA66D15-06C4-467D-8C72-0C31CDCC3302} [2012.09.25 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6E13A13F-E674-4BE5-AD50-7D30E4C52F23} [2012.09.25 08:18:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E49FC2D1-1F27-4331-A652-D835864E895C} [2012.09.24 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D0DFB3C4-3C09-410A-B379-B8D092B468FB} [2012.09.24 08:17:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{841114C9-DB12-4ADD-9F3E-FAF93C586BEB} [2012.09.23 20:16:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{665E7D7E-0CD3-4A31-9B5A-2C00F5E5E0AA} [2012.09.23 08:15:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4160B602-9363-49D1-A28C-9794DC090BBF} [2012.09.23 07:42:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012.09.22 20:15:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{06AD825D-3D85-49CA-BE2D-AAD916E23FBA} [2012.09.22 08:14:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5990F235-0AC1-4505-998D-8C005E82BFAA} [2012.09.21 20:14:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{52284EA2-52C2-4A13-B47E-BA3F048E5A6F} [2012.09.21 08:13:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{30AE0A09-06C1-4CE2-ADDA-BBABFC770852} [2012.09.20 20:13:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7BCE812F-9A89-4233-B1FE-A7C71894C8BE} [2012.09.20 08:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{48761CE3-4C62-4262-A91E-1F22D8D31624} [2012.09.19 19:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{21DFEBEE-6797-4F8C-953C-50FB016109B2} [2012.09.19 07:35:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EA6F3CC3-41BA-4890-A1C7-AEEDDC84690A} [2012.09.18 19:34:38 | 000,000,000 | 
---D | C] -- C:\Users\***\AppData\Local\{90AB8789-1826-49EF-A37C-53B3DA8C7E01} [2012.09.18 07:34:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{133D4792-F9C6-48E2-986F-C25C12E409F4} [2012.09.17 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{281DC3E5-3F13-43DB-A0A1-068E3A7EC83E} [2012.09.16 23:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{07C6792F-DEAE-4E91-8A4B-58D25CE3B685} [2012.09.16 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9F9C5BA9-2E0D-47CD-998E-41D2B7EDE13B} [2012.09.15 22:27:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{66F71285-CF90-4824-BEEA-B51CD601B7E4} [2012.09.15 10:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{BFDBB2D9-0E58-453B-9C52-6D88A23A7D4E} [2012.09.14 22:26:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{372B6760-A422-420E-A546-C85854DA762A} [2012.09.14 10:26:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{72D68EA7-A446-488C-8312-291B651751C1} [2012.09.13 19:12:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{CC6F5E8C-8B2A-485D-BD0A-CB18CEC979E6} [2012.09.13 07:11:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{47F7FC4A-5D88-4B0A-A4A8-B1A7C597187B} [2012.09.12 19:11:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D23C5281-7B36-4E12-8FCA-877E729063C6} [2012.09.12 07:11:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{0A5E6F53-7CFB-4867-8442-43ACB6E8BFCD} [2012.09.11 19:10:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{24FEA246-36FD-4ABC-93C5-B01D4DF6EC14} [2012.09.11 10:09:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Steuer [2012.09.11 07:10:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{7D7607FA-91AE-45A4-BD3F-9C56D5FE27F3} [2012.09.10 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{135E301B-F5DC-46ED-AF86-6F5B570FFEA8} [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files - 
Modified Within 30 Days ========== [2012.10.10 07:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.10 07:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.10 07:45:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.10.10 07:44:16 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.10.10 07:40:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503762395-4116910774-783905613-1000UA.job [2012.10.10 07:40:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2503762395-4116910774-783905613-1000Core.job [2012.10.10 05:42:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 05:42:58 | 000,021,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 05:34:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.10 05:33:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.10 05:33:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.10.10 05:33:11 | 3207,303,168 | -HS- | M] () -- C:\hiberfil.sys [2012.10.09 22:09:38 | 000,016,881 | ---- | M] () -- C:\Users\***\Documents\tracrerouten.odt [2012.10.09 21:15:55 | 000,007,334 | ---- | M] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt [2012.10.09 13:41:24 | 000,002,501 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2012.10.07 22:32:22 | 001,507,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.07 22:32:22 | 000,656,872 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.07 22:32:22 | 000,618,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.07 22:32:22 | 000,131,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat 
[2012.10.07 22:32:22 | 000,107,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.07 01:45:03 | 000,118,045 | ---- | M] () -- C:\Users\***\Desktop\von ulli der tracert Kopie.jpg [2012.10.07 01:44:20 | 000,662,818 | ---- | M] () -- C:\Users\***\Desktop\von ulli der tracert.psd [2012.10.07 01:42:56 | 000,472,239 | ---- | M] () -- C:\Users\***\Desktop\IMG_07102012_014301.png [2012.10.07 01:32:35 | 000,263,991 | ---- | M] () -- C:\Users\***\Desktop\IMG_07102012_013242.png [2012.10.06 14:20:25 | 000,223,811 | ---- | M] () -- C:\Users\***\Desktop\horch.png [2012.10.06 14:06:27 | 000,000,047 | ---- | M] () -- C:\Users\***\VisualRoute Lite Edition-Path [2012.10.06 13:50:53 | 000,112,766 | ---- | M] () -- C:\Users\***\Desktop\Simone 3.jpg [2012.10.05 21:43:25 | 000,212,107 | ---- | M] () -- C:\Users\***\Desktop\Greenshot_2012-10-05_21-41-50.png [2012.10.05 21:42:50 | 000,171,427 | ---- | M] () -- C:\Users\***\Desktop\route zu atlan Kopie.jpg [2012.10.05 21:41:10 | 000,874,179 | ---- | M] () -- C:\Users\***\Desktop\route zu atlan.psd [2012.10.05 20:48:41 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.05 20:48:41 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.03 12:15:17 | 000,001,027 | ---- | M] () -- C:\Users\***\Desktop\Free Download Manager.lnk [2012.10.03 10:39:33 | 000,001,874 | ---- | M] () -- C:\Users\***\Desktop\DVD Flick.lnk [2012.10.02 07:58:45 | 000,024,064 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.24 10:26:43 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2012.09.19 11:29:46 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.09.19 11:29:40 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.09.17 11:28:28 | 
000,000,666 | ---- | M] () -- C:\Users\***\Documents\inSpeak Communicator.lnk [2012.09.12 07:52:30 | 000,000,218 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.09.11 08:37:41 | 000,000,622 | ---- | M] () -- C:\Windows\wiso.ini [1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.10 07:44:16 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.10.09 21:19:48 | 000,016,881 | ---- | C] () -- C:\Users\***\Documents\tracrerouten.odt [2012.10.09 21:15:55 | 000,007,334 | ---- | C] () -- C:\Users\***\Desktop\OpenDocument Text (neu).odt [2012.10.07 01:45:00 | 000,118,045 | ---- | C] () -- C:\Users\***\Desktop\von ulli der tracert Kopie.jpg [2012.10.07 01:44:20 | 000,662,818 | ---- | C] () -- C:\Users\***\Desktop\von ulli der tracert.psd [2012.10.07 01:42:50 | 000,472,239 | ---- | C] () -- C:\Users\***\Desktop\IMG_07102012_014301.png [2012.10.07 01:32:31 | 000,263,991 | ---- | C] () -- C:\Users\***\Desktop\IMG_07102012_013242.png [2012.10.06 14:20:05 | 000,223,811 | ---- | C] () -- C:\Users\***\Desktop\horch.png [2012.10.06 14:06:27 | 000,000,047 | ---- | C] () -- C:\Users\***\VisualRoute Lite Edition-Path [2012.10.06 13:50:35 | 000,112,766 | ---- | C] () -- C:\Users\***\Desktop\Simone 3.jpg [2012.10.05 21:43:05 | 000,212,107 | ---- | C] () -- C:\Users\***\Desktop\Greenshot_2012-10-05_21-41-50.png [2012.10.05 21:42:47 | 000,171,427 | ---- | C] () -- C:\Users\***\Desktop\route zu atlan Kopie.jpg [2012.10.05 21:41:10 | 000,874,179 | ---- | C] () -- C:\Users\***\Desktop\route zu atlan.psd [2012.10.05 20:48:41 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.05 20:48:41 | 000,002,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.10.05 20:48:41 | 000,002,149 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.03 12:15:17 | 000,001,027 
| ---- | C] () -- C:\Users\***\Desktop\Free Download Manager.lnk [2012.09.12 07:52:30 | 000,000,218 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012.05.17 00:36:19 | 000,000,022 | ---- | C] () -- C:\Windows\op70.ini [2012.03.24 10:53:24 | 000,000,622 | ---- | C] () -- C:\Windows\wiso.ini [2012.02.18 12:27:12 | 012,781,358 | ---- | C] () -- C:\Users\***\20120218_Lokalzeit_Münsterland-Die_goldene_Pracht.mp4 [2012.02.05 00:37:48 | 000,007,609 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.12.26 13:31:17 | 000,000,081 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.23 14:14:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.12.08 02:04:56 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND [2011.12.03 22:04:54 | 000,000,693 | ---- | C] () -- C:\Users\***\*** - Verknüpfung.lnk [2011.10.17 13:02:36 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.10.17 12:39:03 | 000,904,192 | ---- | C] () -- C:\Users\***\cut_assistant.exe [2011.10.17 12:39:03 | 000,042,537 | ---- | C] () -- C:\Users\***\cut_assistant.de.lng [2011.06.17 11:30:15 | 000,024,064 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.06 09:52:21 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2011.06.06 00:57:23 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.05.14 10:47:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.05.14 08:29:36 | 000,001,658 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.05.14 08:29:36 | 000,000,774 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.13 07:45:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011.05.13 07:45:16 | 000,021,565 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.04.01 
05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check 
========== [2011.05.30 15:19:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.07.23 11:55:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2012.08.12 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BSW [2012.03.24 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2011.12.13 20:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2011.08.04 09:54:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.01.15 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CloneSpy [2012.10.10 05:41:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.10.09 04:51:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.10.09 04:51:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.10 07:59:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2011.06.08 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeDoko [2012.04.27 12:24:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ! 
[2011.12.23 14:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.09.24 10:29:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2012.08.20 07:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iminent [2011.05.14 11:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.02.28 22:50:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mobile Partner [2012.09.06 21:47:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL [2011.10.30 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound [2012.06.25 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.06.17 11:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2012.03.18 23:06:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2011.12.13 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy [2011.05.26 16:22:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.06.17 11:05:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2011.05.15 07:05:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reviversoft [2012.06.29 13:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.09.30 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica [2012.09.26 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2012.02.29 13:01:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2011.12.07 00:02:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay [2012.10.05 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2011.05.16 08:07:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.09.13 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wireshark 
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 973 bytes -> C:\Users\***\Documents\Ihr neues Handy jetzt mit -60%, Frau ***!.eml:OECustomProperty @Alternate Data Stream - 920 bytes -> C:\Users\***\Documents\Fw_ Robert.eml:OECustomProperty @Alternate Data Stream - 809 bytes -> C:\Users\***\Documents\Info Wiedereröffnung.eml:OECustomProperty @Alternate Data Stream - 629 bytes -> C:\Users\***\Documents\ursula wagner.eml:OECustomProperty @Alternate Data Stream - 48 bytes -> C:\Windows:115BF82199800267 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:08948D52 @Alternate Data Stream - 1080 bytes -> C:\Users\Public\Documents\http___vacancies24_de_job_tischler-nach-borken-gesucht-arbeitsort-borken-westfalen_.eml:OECustomProperty < End of report > |
10.10.2012, 16:15 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unauthorized remote access to my computer? First, as a routine step, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
__________________ Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT hastily remove ANYTHING from the quarantine! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
12.10.2012, 12:15 | #4 |
| Unauthorized remote access to my computer? Hello, here are two Malwarebytes logs: Code:
ATTFilter Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 *** :: ULRIKE [Administrator] Schutz: Aktiviert 11.10.2012 06:00:01 mbam-log-2012-10-11 (06-00-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|M:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 808387 Laufzeit: 2 Stunde(n), 43 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 11 D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\skink\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\skink\euRO_Char_viewer\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Data1\Datenträger G von Arbeit\Karten Gerd\Andrea\ragnarok\Ragnarok\update\euRO_Char_viewer\euRO_Char_viewer.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Data1\Datenträger G von Arbeit\Karten Gerd\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\Slysoft\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\WinNT\NT-SVR\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\WinNT\NT-WS\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter 2012/10/11 05:46:48 +0200 ULRIKE *** MESSAGE Starting protection 2012/10/11 05:46:48 +0200 ULRIKE *** MESSAGE Protection started successfully 2012/10/11 05:46:48 +0200 ULRIKE *** MESSAGE Starting IP protection 2012/10/11 05:46:49 +0200 ULRIKE *** MESSAGE IP Protection started successfully 2012/10/11 05:52:19 +0200 ULRIKE *** MESSAGE Executing scheduled update: Daily 2012/10/11 05:52:29 +0200 ULRIKE *** MESSAGE Scheduled update executed successfully: database updated from version v2012.10.10.07 to version v2012.10.11.04 2012/10/11 05:52:29 +0200 ULRIKE *** MESSAGE Starting database refresh 2012/10/11 05:52:29 +0200 ULRIKE *** MESSAGE Stopping IP protection 2012/10/11 05:52:29 +0200 ULRIKE *** MESSAGE IP Protection stopped successfully 2012/10/11 05:52:31 +0200 ULRIKE *** MESSAGE Database refreshed successfully 2012/10/11 05:52:31 +0200 ULRIKE *** MESSAGE Starting IP protection 2012/10/11 05:52:31 +0200 ULRIKE *** MESSAGE IP Protection started successfully 2012/10/11 06:41:10 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50772, Process: avwebgrd.exe) 2012/10/11 06:41:10 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50774, Process: avwebgrd.exe) 2012/10/11 06:41:10 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50776, Process: avwebgrd.exe) 2012/10/11 06:41:26 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50784, Process: avwebgrd.exe) 2012/10/11 06:41:34 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50789, Process: avwebgrd.exe) 2012/10/11 06:41:34 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50791, Process: avwebgrd.exe) 2012/10/11 06:41:34 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50793, Process: avwebgrd.exe) 2012/10/11 06:41:58 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50805, Process: avwebgrd.exe) 2012/10/11 06:41:58 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50807, Process: 
avwebgrd.exe) 2012/10/11 06:41:58 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50809, Process: avwebgrd.exe) 2012/10/11 06:41:58 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50811, Process: avwebgrd.exe) 2012/10/11 06:42:06 +0200 ULRIKE *** IP-BLOCK 109.163.231.139 (Type: outgoing, Port: 50813, Process: avwebgrd.exe) 2012/10/11 09:08:33 +0200 ULRIKE *** MESSAGE Starting protection 2012/10/11 09:08:33 +0200 ULRIKE *** MESSAGE Protection started successfully 2012/10/11 09:08:33 +0200 ULRIKE *** MESSAGE Starting IP protection 2012/10/11 09:08:34 +0200 ULRIKE *** MESSAGE IP Protection started successfully and here is the ESET log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8ace78f3753ea149beba2db5da51f3a8 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-12 09:04:44 # local_time=2012-10-12 11:04:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 161397 161397 0 0 # compatibility_mode=5893 16776574 100 94 44584167 101646593 0 0 # compatibility_mode=8192 67108863 100 0 159 159 0 0 # scanned=572006 # found=17 # cleaned=17 # scan_time=15941 C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\Windows jZip Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\***\AppData\Local\Temp\NOD7BB3.tmp a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Users\***\AppData\Roaming\OpenCandy\OpenCandy_D4806F4F52B648DCA9FF28455F96AF24\RegistryReviverSetup-ppi_.exe Win32/RegistryReviver application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\***\Downloads\SoftonicDownloader_fuer_banner-maker-pro.exe a variant of Win32/SoftonicDownloader.E application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Data1\Datenträger G von Arbeit\Alle Spiele\Andrea 
s\front9.exe Win32/Adware.WildTangent application (deleted - quarantined) 00000000000000000000000000000000 C D:\Data1\Downloads\Firtzbox sicherung\installer_abc_amber_text_converter_5_07_Deutsch_Deutsch.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Data1\Downloads\Firtzbox sicherung\Nicht verwendete Desktopverknüpfungen\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Downloads\SoftonicDownloader_fuer_audacity.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C D:\Downloads\Neuer Ordner\freeripmp3_2-setup.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Dokumente und Einstellungen\***\Desktop\Nicht verwendete Desktopverknüpfungen\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\Dokumente und Einstellungen\***\Startmenü\eBay.lnk Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C E:\RECYCLER\S-1-5-21-1390067357-1284227242-725345543-1003\Dd16.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C M:\Downloads\jZipV1c.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C M:\Downloads\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Regards, janeway |
12.10.2012, 14:40 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unauthorized remote access to my computer? Code:
ATTFilter D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Data1\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\Slysoft\CloneCDUpdate\setupclonecd2.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\WinNT\NT-SVR\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Sicherungen\WinNT\NT-WS\I386\INETSRV\KEYGEN.EXE (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\adobecs2-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. M:\TEXT\parkinson\alle dateien vom Kassenwart Lapptop\***\Documents\Adobe\Adobe Creative Suite 2\CRACK\golive-keygen.exe (Malware.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. See also => http://www.trojaner-board.de/95393-c...-software.html If we find evidence of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that you should not mess around with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
__________________ Always post logfiles in CODE tags |