Log analysis and evaluation: Deutsche Post Service e-mail; attachment opened (Trojan?)
Windows 7

#1
Deutsche Post Service e-mail; attachment opened (Trojan?)

Hello everyone. As the title says, in a state of "mental confusion" I opened the ZIP file from a "Deutsche Post Service" e-mail.

"Dear customer, unfortunately our courier did not succeed in delivering a postal item to your address. Reason: an error in the delivery address. You can pick up your postal item in person at our post office. You should have this postal label printed in order to receive your postal item at the post office. Thank you! Deutsche Post AG."

from "no_reply-525@buchloe.de"

I had this e-mail in the inbox of my online account at t-online. The attachment was a zip file, which I downloaded in order to unpack it on my computer. Out of habit I first checked it with AVIRA Internet Security 2012, with no warning. On the "first" attempt to unpack it, an error message appeared, roughly: "unzip could not be executed because the path xyz is invalid." With great presence of mind I tried again right away, with the same result. Then I downloaded and installed 7-zip, in the "mistaken belief" that my ZIP software wasn't working. Then the same game: download, attempt to unpack, error message. After trying this once more, it finally dawned on me that I had seriously messed up here.

I then found your forum via Google and read through some of the existing similar cases. Now I'm hoping someone here can give me the all-clear for my system. I ran Malwarebytes, defogger, OTL and GMER (logfiles follow below). In addition, I had Antivir Internet Security 2012 scan my complete system. None of the tools found a warning or anything else. Maybe this helps you with the logfiles: in the OTL log, under FILES/FOLDERS, the installation of 7-zip is clearly visible, 18.01.2012, 18:53. That is, I tried to unpack the zip file before and after that. I have deleted the zip file on my computer. I still have the e-mail including the zip file (online). If it is needed, please briefly describe how and to whom I should forward it.

Malware logfile:
Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.18.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]

Schutz: Aktiviert

18.01.2013 20:58:04
mbam-log-2013-01-18 (20-58-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 327022
Laufzeit: 1 Stunde(n), 33 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 18.01.2013 23:17:56 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andreas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,15% Memory free
6,00 Gb Paging File | 4,08 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 242,56 Gb Free Space | 81,37% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.18 23:17:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas\Downloads\OTL.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.15 13:45:12 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.16 17:33:24 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.09.19 15:27:56 | 001,100,680 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.08.13 17:48:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.07.30 18:50:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.07.20 13:01:51 | 014,134,784 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2012.06.20 12:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.05.28 13:46:56 | 000,803,728 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\PMonitor.exe
PRC - [2011.05.28 13:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.02.24 14:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.13 12:55:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013.01.13 12:54:29 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.13 12:51:35 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013.01.13 12:51:13 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.01.13 12:51:09 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013.01.13 12:51:07 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013.01.13 12:50:38 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.13 12:50:21 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.13 12:50:09 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013.01.13 12:50:08 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013.01.13 12:50:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.13 12:49:49 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.13 12:49:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.13 12:49:15 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.13 12:49:09 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.13 12:48:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.13 12:48:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.13 12:48:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.13 12:48:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.13 12:48:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.12 17:57:16 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll
MOD - [2013.01.12 17:57:05 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.12 17:56:51 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.12 17:56:46 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.12 17:56:32 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.12 17:56:20 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011.05.28 13:47:00 | 000,127,376 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011.05.28 13:46:58 | 000,347,024 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\madexcept_.bpl
MOD - [2011.05.28 13:46:58 | 000,179,088 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\madbasic_.bpl
MOD - [2011.05.28 13:46:58 | 000,046,480 | ---- | M] () -- C:\Programme\IObit\Advanced SystemCare 4\maddisAsm_.bpl
MOD - [2010.11.13 00:19:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 09:47:20 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.14 09:47:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll

========== Services (SafeList) ==========

SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.30 18:52:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.30 18:50:18 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.07.30 18:49:49 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.07.30 18:49:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.30 18:49:38 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.05.28 13:46:56 | 000,353,168 | ---- | M] (IObit) [Auto | Running] -- C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.05 09:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.03.05 08:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.12.04 01:12:16 | 000,078,960 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2012.12.04 01:12:16 | 000,018,800 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2012.11.13 15:32:10 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.11.13 15:32:10 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.07.30 18:53:55 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.05.09 17:51:11 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 17:51:11 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.31 10:58:34 | 006,638,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.12.03 15:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.02.05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.01.26 20:09:40 | 000,068,954 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 FC AA B3 53 3C CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6B1D1FB7-7233-4F7C-802C-21A1DDB12754}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DAFD5B58-85CE-4FF0-BDCA-4F57FA4BF57D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andreas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011.04.03 06:59:09 | 000,000,000 | ---D | M]

[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2012.01.21 13:33:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 4] C:\Programme\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk = C:\Programme\Telekom\Meine Dienste\StartMeineDienste.exe (Deutsche Telekom AG)
O4 - Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player Version 1.x)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2443F6-C445-46A8-BA35-8501B93201D8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0d3bf3c8-a843-11df-b797-806e6f6e6963}\Shell\AutoRun\command - "" = D:\ArcticReporter.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.18 21:19:22 | 000,000,000 | ---D | C] -- C:\Users\Andreas\Desktop\Stick
[2013.01.18 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2013.01.18 20:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.18 20:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.18 20:43:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation)
-- C:\Windows\System32\drivers\mbam.sys [2013.01.18 20:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.18 20:42:55 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Programs [2013.01.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.18 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.01.16 20:00:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.12.30 12:54:08 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Telekom [2012.12.30 12:54:00 | 000,457,336 | ---- | C] (Deutsche Telekom AG) -- C:\Windows\System32\MDS_Uninstall.exe [2012.12.30 12:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom [2012.12.30 12:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Telekom [2012.12.30 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ElevatedDiagnostics [2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager [2012.12.25 10:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Netzmanager [2012.12.25 10:46:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.18 23:22:53 | 000,472,749 | ---- | M] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv [2013.01.18 23:16:26 | 000,000,000 | ---- | M] () -- C:\Users\Andreas\defogger_reenable [2013.01.18 21:19:57 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.18 21:19:57 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.18 21:19:57 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.18 21:19:57 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.18 20:44:29 | 000,014,608 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 20:44:29 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 20:43:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.18 20:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.18 20:36:00 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2013.01.18 18:33:07 | 000,002,669 | ---- | M] () -- C:\Users\Public\Desktop\TAXMAN 2013.lnk [2013.01.16 20:01:02 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.13 12:46:58 | 000,421,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.05 16:26:28 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.01.05 16:26:28 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2013.01.01 14:04:08 | 000,000,922 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk [2012.12.30 12:54:00 | 000,002,254 | ---- | M] () -- C:\Users\Public\Desktop\Meine Dienste.lnk [2012.12.30 10:42:26 | 000,001,053 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.30 10:42:04 | 000,001,025 | ---- | M] () -- C:\Users\Andreas\Desktop\Dropbox.lnk [2012.12.25 10:46:37 | 000,001,063 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2012.12.25 10:46:19 | 000,001,003 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.18 23:16:26 | 000,000,000 | ---- | C] () -- C:\Users\Andreas\defogger_reenable [2013.01.18 21:24:47 | 000,472,749 | ---- | C] () -- C:\Users\Andreas\Documents\ANDREAS-PC_Andreas_2013_ 1_18.csv [2013.01.18 20:43:14 | 000,001,071 | 
---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.30 12:54:00 | 000,002,254 | ---- | C] () -- C:\Users\Public\Desktop\Meine Dienste.lnk [2012.12.30 12:54:00 | 000,000,922 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Meine Dienste.lnk [2012.12.25 10:46:37 | 000,001,063 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2012.12.25 10:46:19 | 000,001,003 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk [2012.02.27 10:41:52 | 000,202,240 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll [2012.02.27 10:40:44 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll [2012.02.27 10:38:36 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll [2012.02.27 10:38:18 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll [2011.04.03 06:58:41 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{CBC83C20-7F51-4867-8CFD-E55E5FA6877B}.dat [2011.03.27 18:42:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.10.24 13:40:31 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\becker
[2013.01.18 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Dropbox
[2012.01.21 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Haufe Mediengruppe
[2011.07.24 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IObit
[2010.08.15 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Lexware
[2010.08.15 14:25:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Uniblue
[2012.01.15 16:27:21 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Zoner

========== Purity Check ==========

< End of report >

Code:

OTL Extras logfile created on: 18.01.2013 23:17:56 - Run 1
OTL by OldTimer - Version 3.2.69.0   Folder = C:\Users\Andreas\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 53,15% Memory free
6,00 Gb Paging File | 4,08 Gb Available in Paging File | 68,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 242,56 Gb Free Space | 81,37% Space Free | Partition Type: NTFS

Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E977C5-96DB-4032-9289-CFAAF63E25A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0615A8B2-D8B4-4899-983A-2BDDFAFBE02C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{360E4024-DA02-4F45-A91B-B6CE8FDCDCB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{389C62D5-2596-4FA4-A640-0ADD7B5889D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40AA739B-EF99-42B0-B92F-E6D6A250107C}" = lport=139 | protocol=6 | dir=in | app=system |
"{4893262A-E606-4837-8127-EC1A4D67C8CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F6E1C88-6FD3-4D9B-934B-1B9ABAF5883F}" = lport=445 | protocol=6 | dir=in | app=system |
"{57F130B6-0215-485C-A454-B57074E64ACB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{618FF688-3369-4298-80F2-F62463E0F01E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F8B8F18-0B5E-48A5-85EA-1BF9F0950B87}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F8C59BA-2E6B-4860-ACFE-7DE03B2D4BC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BE5CCBD-359F-49B9-9431-F0F28D0FB163}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7E5EAE7F-180F-411B-A176-718AA7749F25}" = rport=445 | protocol=6 | dir=out | app=system |
"{8726A51A-257E-4254-BD51-788816D14C09}" = rport=137 | protocol=17 | dir=out | app=system |
"{93A120DE-F6AF-4BC8-99A3-08E94EFF317D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{99DCD916-B83E-445A-B776-E6573BF82E9C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF6D3409-EF12-48EB-8005-2E44A4A95690}" = lport=137 | protocol=17 | dir=in | app=system |
"{B7051344-1D0F-49BF-97D3-F8AAF0A5D2E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C99018A0-9EC2-4C9E-9751-DD6755B06261}" = lport=138 | protocol=17 | dir=in | app=system |
"{CB18B8C3-690D-420B-93BF-ACEF84F0024F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF1079A4-76D5-4158-839C-4E75BB6672BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D615C4FE-9B38-4983-B1BE-031C4EE69D8F}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB235EC6-99A6-438B-A4BA-EFFAED0344AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6A493FE-3C20-43D1-8E75-B308137505AD}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11FDB3FE-A8DE-42C9-82F8-CBBC66FFFCB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{307E300A-6739-46C9-8780-9D8E1DCF06F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{340375C7-7E53-44F2-A7EB-B1E7A497F83A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5429B0D2-2F46-44A7-B646-34DCE43EEB58}" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe |
"{552200B4-C59E-4474-A5F1-42670CE77658}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{57CFFC62-8D1A-4D34-83A8-F77A513C7AB4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E49D7F9-8245-40B9-89DA-35B53C579BF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC8360F-D3D4-48B2-98CB-76734930D599}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{887EC8C9-01C0-4441-B23E-4274BAD53D0F}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{962DB5BE-3EB6-4D37-9D25-258BFE9822E6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BA94ADD4-5ADE-43F9-B740-87181FC1F69D}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{BEA222FE-B508-42F2-B4B1-9D144E4F3CE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1E6741A-78B9-4D7A-B8D5-3971E9AB2747}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C6D9EEE7-B2CB-4729-BB59-EFCCF654FE66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{CFB58312-4B8F-4F67-B5E4-5F2053535AFB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D05EAD91-2832-4C52-AF9F-2EA506560AC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6452021-C45A-4B0A-92CA-B1BEBFD51D04}" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe |
"{DC88D12C-A897-4A8D-A436-3D6271BF2F2E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF65F043-2375-4B03-9F4C-32D9841BC832}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2223F77-E660-4D30-BD33-83075FD5BD32}" = protocol=6 | dir=out | app=system |
"{F2CFDFDA-5374-4D15-B66B-563ED79E0CD1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F6581681-D975-442A-8700-D6688F87CE07}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE5E598A-8859-40F8-A6EF-DDB81515F3A4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{87AFBA19-2CD4-444A-84D9-C65240C13606}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |
"TCP Query User{C5809F17-71D2-4E29-9A92-EB98F5310E5B}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F08C25F8-5DE8-4B79-87C2-4688FFD6ADFF}C:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe |
"TCP Query User{FCD4FE47-BFDB-431B-8979-BF520C0FBCFC}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{440BD34E-C73E-4D8F-BDEB-87AF8D7D4F0D}C:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\microsoft\windows\temporary internet files\content.ie5\ees8t46k\blackshot_garenamessenger_installer.exe |
"UDP Query User{66480C7D-1BCB-421C-BEEA-D6E424848D0E}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{76C07919-F096-4D80-847D-7073A5D899D5}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |
"UDP Query User{F919533B-0651-442A-BBD8-B952DD04C2C2}C:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\die ersten 10 jahre\moorhuhn kart 3\moorhuhn_kart3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5C5B0836-9648-4057-8044-2DF181E073E2}" = TAXMAN 2010
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}" = pdfforge Toolbar v6.3
"{C9CF5815-A175-46F2-A802-F49B9F6A580A}" = FormsForWeb® Filler 3.2
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi-Software
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.18.0001
"{DF344785-0900-471E-B9F5-6F28C89AF638}" = TAXMAN Bibliothek 2012
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Avira AntiVir Desktop" = Avira Internet Security 2012
"Content Manager 2" = Content Manager 2
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Meine Dienste Software" = Meine Dienste Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Netzmanager" = Netzmanager
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ProInst" = Intel PROSet Wireless
"SystemRequirementsLab" = System Requirements Lab
"Video Journal_is1" = Video Journal Version 2.04
"VLC media player" = VLC media player 1.0.3
"ZonerPhotoStudio10_GER_is1" = Zoner Photo Studio 10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.01.2013 18:30:56 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:56.231]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:30:57 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:57.775]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:30:59 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:30:59.320]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:00 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:00.864]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:02 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:02.408]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:03 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:03.953]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:05 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:05.513]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:07 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:07.057]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:08 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:08.602]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

Error - 18.01.2013 18:31:10 | Computer Name = Andreas-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2013/01/18 23:31:10.146]: [00003108]: lperrcode->api = 1 , lperrcode->code = 2

[ System Events ]
Error - 07.10.2012 02:31:54 | Computer Name = Andreas-PC | Source = DCOM | ID = 10010
Description =

Error - 01.11.2012 13:16:30 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 ms) was reached while waiting for a transaction response from the ShellHWDetection service.

Error - 29.11.2012 11:17:55 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (60000 ms) was reached while waiting for a transaction response from the LanmanServer service.

Error - 02.01.2013 11:38:44 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7031
Description = The "Netzmanager Infrastruktur Informationssystem Dienst" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error - 12.01.2013 09:19:03 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7031
Description = The "Netzmanager Infrastruktur Informationssystem Dienst" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error - 12.01.2013 12:50:16 | Computer Name = Andreas-PC | Source = DCOM | ID = 10010
Description =

Error - 18.01.2013 17:33:11 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 18.01.2013 17:33:12 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 18.01.2013 17:33:12 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

Error - 18.01.2013 17:33:13 | Computer Name = Andreas-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR5.

< End of report >

Code:
```
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-19 14:22:22
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Andreas\AppData\Local\Temp\uwtiqfob.sys


---- System - GMER 2.0 ----

SSDT  8EA53076  ZwCreateSection
SSDT  8EA5304E  ZwCreateSymbolicLinkObject
SSDT  8EA53053  ZwLoadDriver
SSDT  8EA53049  ZwOpenSection
SSDT  8EA53080  ZwRequestWaitReplyPort
SSDT  8EA5307B  ZwSetContextThread
SSDT  8EA53085  ZwSetSecurityObject
SSDT  8EA53058  ZwSetSystemInformation
SSDT  8EA5308A  ZwSystemDebugControl
SSDT  8EA53017  ZwTerminateProcess
SSDT  8EA53012  ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  82C47A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2    82C814D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11F7       82C8862C 4 Bytes  [76, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11FF       82C88634 4 Bytes  [4E, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1313       82C88748 4 Bytes  [53, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 13AF       82C887E4 4 Bytes  [49, 30, A5, 8E]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1553       82C88988 4 Bytes  [80, 30, A5, 8E]
.text  ...
PAGE   peauth.sys                                9C561B9B 72 Bytes  [27, E8, 7F, A4, BD, B9, 83, ...]

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] kernel32.dll!CreateThread                 75E7DCC2 5 Bytes  JMP 64FD75DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] ADVAPI32.dll!RegSetValueExW               75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EnableWindow                   76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetAsyncKeyState               7644A256 5 Bytes  JMP 64FBDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CallNextHookEx                 7644ABE1 5 Bytes  JMP 65037FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!UnhookWindowsHookEx            7644ADF9 5 Bytes  JMP 6505ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcA                 7644BB1C 7 Bytes  JMP 64FD9805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExA                7644BF40 5 Bytes  JMP 64FE363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetWindowsHookExW              7644E30C 5 Bytes  JMP 650125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExW                7644EC7C 5 Bytes  JMP 650403CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetKeyState                    76452B4D 5 Bytes  JMP 64FBDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessageW               76454104 5 Bytes  JMP 65169A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcW                 7645507D 7 Bytes  JMP 65038042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamA             76461F42 5 Bytes  JMP 651692E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessage                76462019 5 Bytes  JMP 65169A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamW                76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamA     7646721D 5 Bytes  JMP 65169358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamW     7646EA10 5 Bytes  JMP 65169390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamW        76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EndDialog                      76473BA3 5 Bytes  JMP 65169D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamW             76475630 5 Bytes  JMP 65169320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetKeyboardState               7647695A 5 Bytes  JMP 6516A341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SendInput                      76477019 5 Bytes  JMP 6516A2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetCursorPos                   7648C1B0 5 Bytes  JMP 6516A3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamA                7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamA        7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectA            7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectW            7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExA                  7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExW                  7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!keybd_event                    7649EC3B 5 Bytes  JMP 6516A2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!RealDriveType + 173D          7682FE30 4 Bytes  [CF, 01, E2, 72]
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!RealDriveType + 1745          7682FE38 8 Bytes  [E0, 61, E1, 72, 79, F7, E1, ...] {LOOPNZ 0x63; LOOPZ 0x76; JNS 0xfffffffd; LOOPZ 0x7a}
.text  C:\Program Files\Internet Explorer\iexplore.exe[3924] ole32.dll!OleLoadFromStream               773E6143 5 Bytes  JMP 65169784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] ADVAPI32.dll!RegSetValueExW               75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] ADVAPI32.dll!RegSetValueW                 75DAA68A 6 Bytes  JMP 7348155E C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!EnableWindow                   76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamW                76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamW        76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxParamA                7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!DialogBoxIndirectParamA        7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectA            7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxIndirectW            7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExA                  7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[4544] USER32.dll!MessageBoxExW                  7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] kernel32.dll!CreateThread                 75E7DCC2 5 Bytes  JMP 64FD75DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] ADVAPI32.dll!RegSetValueExW               75D914D6 6 Bytes  JMP 73481581 C:\Program Files\Common Files\Spigot\Search Settings\wth153.dll (WTH Dynamic Link Library/Spigot, Inc.)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!EnableWindow                   76448D02 5 Bytes  JMP 65019EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!GetAsyncKeyState               7644A256 5 Bytes  JMP 64FBDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CallNextHookEx                 7644ABE1 5 Bytes  JMP 65037FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!UnhookWindowsHookEx            7644ADF9 5 Bytes  JMP 6505ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DefWindowProcA                 7644BB1C 7 Bytes  JMP 64FD9805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateWindowExA                7644BF40 5 Bytes  JMP 64FE363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetWindowsHookExW              7644E30C 5 Bytes  JMP 650125AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateWindowExW                7644EC7C 5 Bytes  JMP 650403CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!GetKeyState                    76452B4D 5 Bytes  JMP 64FBDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!IsDialogMessageW               76454104 5 Bytes  JMP 65169A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DefWindowProcW                 7645507D 7 Bytes  JMP 65038042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogParamA             76461F42 5 Bytes  JMP 651692E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!IsDialogMessage                76462019 5 Bytes  JMP 65169A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxParamW                76463B9B 5 Bytes  JMP 64F71893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogIndirectParamA     7646721D 5 Bytes  JMP 65169358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogIndirectParamW     7646EA10 5 Bytes  JMP 65169390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxIndirectParamW        76473B7F 5 Bytes  JMP 65168FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!EndDialog                      76473BA3 5 Bytes  JMP 65169D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!CreateDialogParamW             76475630 5 Bytes  JMP 65169320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetKeyboardState               7647695A 5 Bytes  JMP 6516A341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SendInput                      76477019 5 Bytes  JMP 6516A2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!SetCursorPos                   7648C1B0 5 Bytes  JMP 6516A3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxParamA                7648CF42 5 Bytes  JMP 65168F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!DialogBoxIndirectParamA        7648D274 5 Bytes  JMP 6516901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxIndirectA            7649E869 5 Bytes  JMP 65168ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxIndirectW            7649E963 5 Bytes  JMP 65168E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxExA                  7649E9C9 5 Bytes  JMP 65168DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!MessageBoxExW                  7649E9ED 5 Bytes  JMP 65168D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] USER32.dll!keybd_event                    7649EC3B 5 Bytes  JMP 6516A2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] SHELL32.dll!RealDriveType + 173D          7682FE30 4 Bytes  [CF, 01, E2, 72]
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] SHELL32.dll!RealDriveType + 1745          7682FE38 8 Bytes  [E0, 61, E1, 72, 79, F7, E1, ...] {LOOPNZ 0x63; LOOPZ 0x76; JNS 0xfffffffd; LOOPZ 0x7a}
.text  C:\Program Files\Internet Explorer\iexplore.exe[5836] ole32.dll!OleLoadFromStream               773E6143 5 Bytes  JMP 65169784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ffwp\OpenWithProgids@Lucom GmbH.FormsForWeb\xae Filler 3.2

---- EOF - GMER 2.0 ----
```