|
Log-Analyse und Auswertung: Passwörter wurden ausspioniertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.02.2013, 11:03 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwörter wurden ausspioniert Unauffällig adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
14.02.2013, 15:04 | #17 |
| Passwörter wurden ausspioniert Ergebnis adwCleaner:
__________________Code:
ATTFilter # AdwCleaner v2.112 - Datei am 14/02/2013 um 14:36:25 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : ***** - *****-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5wwtk2d4.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\ProgramData\Ask ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\BrowserCompanion Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5wwtk2d4.default\prefs.js C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\5wwtk2d4.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...] Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com"); Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", """); -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [4018 octets] - [14/02/2013 14:36:25] ########## EOF - C:\AdwCleaner[S1].txt - [4078 octets] ########## Code:
ATTFilter OTL logfile created on: 14.02.2013 14:42:17 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,97% Memory free 5,99 Gb Paging File | 4,58 Gb Available in Paging File | 76,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,24 Gb Total Space | 23,06 Gb Free Space | 19,34% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () ========== Modules (No Company Name) ========== MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Program Files\Spybot File not found SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found SRV - (SDScannerService) -- C:\Program Files\Spybot File not found SRV - (HPSLPSVC) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL File not found SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVKWCtl) -- C:\Programme\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (AVKProxy) -- C:\Programme\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (AVKService) -- C:\Programme\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (GDScan) -- C:\Programme\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\System32\drivers\GDBehave.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman273) -- C:\Windows\System32\drivers\tdrpm273.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (SGDrv) -- C:\Windows\System32\drivers\SGDrv.sys (Phoenix Technologies Ltd.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (RTL8192cu) -- C:\Windows\System32\drivers\RTL8192cu.sys (Realtek Semiconductor Corporation ) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.sparkasse-donnersberg.d [Binary data over 200 bytes] IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 5F 40 57 B1 66 CD 01 [binary data] IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes,DefaultScope = {D9980A29-828C-40F1-BB67-33A377943064} IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{6D5CDEFB-E9D5-43B6-AD82-AB49A83BA510}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=57B18066-1B7A-4F7F-8EBC-00009A96EF15&apn_sauid=AF125CFB-62D1-4F8C-AF52-4F337E37220A IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\..\SearchScopes\{D9980A29-828C-40F1-BB67-33A377943064}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz= IE - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/|hxxp://www.sparkasse-donnersberg.de/|hxxp://www.amazon.de/|hxxp://www.google.de/|hxxp://www.androidpit.de/|hxxp://www.youtube.com/|hxxp://www.otto.de/|hxxp://www.chefkoch.de/" FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.18 19:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.01.04 15:58:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\5wwtk2d4.default\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Browser Companion Helper = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\kolgnaidildmdbfgdnoapjdianbpajne\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found O4 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1070405161-3628688422-3222507501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8237144-1CFB-47A0-9C7F-0F988FA1A754}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell - "" = AutoRun O33 - MountPoints2\{d27b381d-45f9-11e2-a2bd-0002721a8cb0}\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HTC_Sync_Manager_PC.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.14 14:41:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.02.13 23:42:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\G DATA [2013.02.13 23:36:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{3DCC76AE-AF58-4B88-8DED-2A572C6983C9} [2013.02.13 09:20:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.13 09:20:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.13 09:20:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.13 09:20:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.13 09:20:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.13 09:20:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.13 09:20:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.13 09:20:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.13 09:04:53 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.13 09:04:33 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.13 09:04:32 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.13 09:04:29 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013.02.13 09:04:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.02.09 20:52:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.02.09 20:38:03 | 000,015,600 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2013.02.09 20:35:47 | 000,030,416 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2013.02.09 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Secunia PSI [2013.02.09 20:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2013.02.02 12:51:13 | 000,011,240 | ---- | C] (G Data Software AG) -- C:\Windows\System32\GdScrSv.de.dll [2013.02.02 12:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2013 [2013.02.02 12:35:44 | 000,051,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2013.02.02 12:32:55 | 000,050,080 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2013.02.02 12:32:11 | 000,093,600 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2013.02.02 12:31:57 | 000,042,016 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2013.02.02 12:31:41 | 000,054,256 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\G Data [2013.02.02 12:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data [2013.02.02 12:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.02.02 12:20:58 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.02.02 12:20:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.02 12:19:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.02.02 12:19:42 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.01.27 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{419F525A-09C7-471E-8544-D28A9446676E} [2013.01.26 21:15:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\HpUpdate [2013.01.26 21:15:41 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2013.01.26 20:40:04 | 000,000,000 | R--D | C] -- C:\Backup [2013.01.26 20:36:43 | 000,088,632 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSCrySec.sys [2013.01.26 20:36:43 | 000,039,352 | ---- | C] (Infowatch) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2013.01.26 20:36:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2013.01.26 20:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.01.26 20:03:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{333BE956-A077-4F27-A6FD-0A16C79D1BF6} [2013.01.26 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013.01.26 18:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.26 17:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.26 17:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.01.26 17:59:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2013.01.26 17:36:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{469B57C5-0D55-47D2-A6C6-20C478E322E9} [2013.01.25 12:31:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{BE7D14CE-59E9-438B-8D66-85DFBF2DA942} [2013.01.24 21:30:34 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{58A625A3-68DA-4BDD-B82E-E3F6385458FF} [2013.01.24 21:24:36 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Diagnostics [2013.01.24 21:22:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0E6DC8BD-DF5F-49B8-86D8-B626F4383D2A} [2013.01.24 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Virensuche [2013.01.24 09:21:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{E22891F8-ACF9-4A98-AC48-F1570939BD8B} [2013.01.23 15:04:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{4B80E70B-7FF9-448A-BD60-1045499006CC} [2013.01.22 08:50:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{0775A2A8-620D-4D5D-8D87-6A27DEF2FBCB} [2013.01.21 13:12:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7F1A629B-1309-418A-93BF-552B804841AE} [2013.01.19 11:07:32 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{275B37AF-DDBA-4D0F-B6F7-F5A94DCFBC28} [2013.01.18 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{354B22C8-203F-4509-BDD8-964C00C1AE12} [2013.01.18 10:44:10 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{DB236B57-7AE0-48C7-94BA-5F25569ECB4F} [2013.01.17 22:43:35 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{7239AA8A-5AB0-432F-856A-1D47ED58623F} [2013.01.17 10:43:12 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{30E94A3C-73B2-4246-9176-6716628620A3} [2013.01.16 15:35:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{12BDB702-C24E-421F-8365-41937C862C49} ========== Files - Modified Within 30 Days ========== [2013.02.14 14:45:23 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.14 14:45:23 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.14 14:45:23 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.14 14:45:23 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.14 14:45:14 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 14:45:14 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 14:38:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.14 14:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.14 14:37:56 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 14:32:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.14 09:57:02 | 000,978,711 | ---- | M] () -- C:\Windows\System32\sig.bin [2013.02.14 09:57:02 | 000,052,040 | ---- | M] () -- C:\Windows\System32\nmp.map [2013.02.14 00:49:07 | 000,000,225 | ---- | M] () -- C:\Users\*****\Desktop\Passwörter wurden ausspioniert - Trojaner-Board.url [2013.02.14 00:48:13 | 000,000,166 | ---- | M] () -- C:\Users\*****\Desktop\Google.url [2013.02.13 09:36:43 | 000,297,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.10 15:50:18 | 000,000,680 | RHS- | M] () -- C:\Users\*****\ntuser.pol [2013.02.09 20:38:03 | 000,015,600 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GdPhyMem.sys [2013.02.09 20:35:47 | 000,030,416 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys [2013.02.05 19:37:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.02.02 12:53:23 | 000,051,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys [2013.02.02 12:51:37 | 000,050,080 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys [2013.02.02 12:51:19 | 000,093,600 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys [2013.02.02 12:51:19 | 000,042,016 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys [2013.02.02 12:51:13 | 000,054,256 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys [2013.02.02 12:19:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.02.02 12:19:05 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.02.02 12:19:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.02.02 12:19:05 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.02.02 12:19:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.01.26 20:40:09 | 000,017,408 | ---- | M] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2013.01.26 20:11:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.01.17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe ========== Files Created - No Company Name ========== [2013.02.14 00:49:07 | 000,000,225 | ---- | C] () -- C:\Users\*****\Desktop\Passwörter wurden ausspioniert - Trojaner-Board.url [2013.02.14 00:48:13 | 000,000,166 | ---- | C] () -- C:\Users\*****\Desktop\Google.url [2013.02.10 15:48:30 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol [2013.02.09 20:31:55 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.02.04 09:07:59 | 000,978,711 | ---- | C] () -- C:\Windows\System32\sig.bin [2013.02.04 09:07:59 | 000,052,040 | ---- | C] () -- C:\Windows\System32\nmp.map [2013.02.02 12:21:03 | 000,002,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.26 20:40:07 | 000,017,408 | ---- | C] () -- C:\Users\*****\AppData\Local\WebpageIcons.db [2013.01.01 15:25:54 | 000,235,153 | ---- | C] () -- C:\Windows\hpoins21.dat.temp [2013.01.01 15:25:54 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp [2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.05.27 13:29:09 | 000,008,192 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.17 18:33:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.05.17 18:09:11 | 000,000,412 | ---- | C] () -- C:\Users\*****\AppData\Roaming\All CPU Meter_Settings.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.02.2013 14:42:17 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 61,97% Memory free 5,99 Gb Paging File | 4,58 Gb Available in Paging File | 76,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,24 Gb Total Space | 23,06 Gb Free Space | 19,34% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A84420F-B04C-4087-A047-27D00A8A9764}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{11F0EA6F-9778-4460-B578-8FBFF8B7E234}" = lport=10243 | protocol=6 | dir=in | app=system | "{137D6561-0BB8-4158-BA2A-48202B5F14BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1B452893-888A-4E9C-9BA7-2D8D6C89433F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{2B3BFC16-722B-4F67-AC6A-71A8F8FF205A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3BBEFB7D-363B-4BDA-9C3C-16E4AC4377EF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52410FC5-69F3-4958-8AB5-58ED285A7130}" = rport=137 | protocol=17 | dir=out | app=system | "{56A007D6-1B31-4FD2-8EE6-E1856981F27A}" = rport=138 | protocol=17 | dir=out | app=system | "{600DC1FE-2FCF-4B12-BD7A-9D73B9EE06D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{60320153-7FB4-43B6-BA0C-747C36C91CB6}" = rport=445 | protocol=6 | dir=out | app=system | "{6B74E9B7-B0F5-4966-80B3-DDDFF2702C9B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6FA232FD-09A1-4441-8B36-7DBDE80AAF83}" = rport=10243 | protocol=6 | dir=out | app=system | "{7821DC69-AF78-434F-910C-3F147A7D408A}" = lport=445 | protocol=6 | dir=in | app=system | "{7A56CB1D-DF8D-44F4-B808-A46C8450A4ED}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7E86921C-109F-4421-BC0B-5E78A488F807}" = lport=137 | protocol=17 | dir=in | app=system | "{9CC84DC0-A7ED-4FAC-B19E-86BD003D5BAE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A22D4EE3-661F-4F95-A555-1CBB9B36DB73}" = lport=138 | protocol=17 | dir=in | app=system | "{A56F50FF-1DC8-4093-BBB4-95D943FA5648}" = lport=2869 | protocol=6 | dir=in | app=system | "{AE19FE74-F3C4-491C-8915-6C939306279E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B63981ED-7765-463E-9CD7-D868F2BDE1E2}" = lport=139 | protocol=6 | dir=in | app=system | "{C2E5FC89-2CD6-4F3E-988B-0A6AD927DF73}" = rport=139 | protocol=6 | dir=out | app=system | "{D1D91DB5-41D9-444A-8B56-D4E386AAA6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E063D58E-A535-4657-AA2C-D876227DBFB9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{E726C57E-2A7B-448D-95D3-A1B5046AF0C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FE4BB067-0018-4F47-8F3C-ADB03920A0B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FF2BADAB-3098-4FF6-BC86-B2AF867D3BBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0BE2EF37-1C59-4DDD-B09C-A21EE7235751}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{108FF9AB-6524-45DF-8E8C-A7F82DFC2461}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{142C24BB-FADF-4E49-9EDA-4EDB0E7E96BC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{1A0B6CEB-1ECB-43C3-B277-831C288BA366}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{2030B3E7-1920-44E0-810E-83EBC21602C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{26D809E2-DA29-457A-A3AC-1E120C83E470}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{29932379-7596-4EF6-AC50-80C70A4916AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{36D9C0CF-FFEA-4E00-A7A0-AD59B0561585}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A910840-2A13-46CB-B63A-1041B8C7BF7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{3AFC0E9A-9246-4413-BC19-33D30BA6F5B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3BED2BF4-DC6A-4572-BC5C-DA10A5E5C08C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{413FE9F2-F6C6-40C1-AA7A-C08E5965CF8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4210D9D6-7929-4285-8301-E43E81156DB6}" = dir=in | app=c:\users\*****\appdata\local\temp\7zs09d9\setup\hpznui01.exe | "{4235E927-C2AA-46D5-914F-EFB132216FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{49644D6A-1329-4046-A6D5-78B592538738}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{50903C2D-0D5F-45CA-AB1E-37F098713F05}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{5316E9B3-67BE-42B0-8751-0634653FFF72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{537BFE40-B67A-4D25-A320-F2F8337D99DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{568A4EF4-C2BA-4BB3-BB78-E780738A59EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{5ACFB9A6-BEC4-4C69-8A93-C690D270F665}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5C6007A2-AD45-40D6-9D94-D8EA5895ED18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{604C6807-CA45-4ABF-9577-E64FA1E080D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{635CC938-D1BB-4682-B116-F24FF387B304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{6C90B9E2-23C3-4C0B-9082-F77F82EBEE52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{700D8122-422B-4077-A77E-D167A0FF23CB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{715BB109-54FB-44A4-85C5-C6B083819F0F}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{717F60AD-2B64-45AB-BB60-3499DD53253C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{7629CF9C-522B-46D0-96DF-59DB5F262987}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{7BF2B8E6-945C-4323-8CB3-9493A19645EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{7D1B6132-E5C3-47C1-BA8B-64BD04ADF852}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{8659745D-90D5-433A-8EFE-0579BC58B3B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B03BABE-36C1-4304-A7C2-CA9BB9700B41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{946A9EED-BE68-4D4C-A684-BA8B7A3A7FA6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{94D83CFD-9156-4F4C-A58F-4E37DBF98197}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{956B1363-7367-44F9-A06B-9B816241F611}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{97F6D864-4F68-4A6D-8318-6036938DA508}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B4ECFCAF-C924-4F87-9D15-985F5212BD78}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{B8124FCC-11D3-46AF-BAAE-68F9BFB4A7AA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{BA773D34-4FE4-488E-B4F6-ED744B4E290C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{BD1A4A52-4A3F-4CD0-98CB-56E6B8E1C819}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{BF0416CC-F8C9-40C0-BD6D-4BD97E564BEC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C044AF74-34CE-4A39-9492-44498A116EA1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C261FAD8-AD18-47F1-8573-6C47700F7D36}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C5B23440-7CE9-4DB5-8B1A-D089453F9CD4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{C6E27D6F-938E-4566-BB58-BB5CBB9CB0A7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{CE0EC241-56B3-4094-9BBE-E8208B8D7AFB}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{D7870A47-3499-42B6-ABBD-EBB675E42448}" = protocol=6 | dir=out | app=system | "{D9D563F8-5EBF-495D-8C53-DCDBF4E9F3C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E01CB880-89DA-4DFB-8EFD-1A46680854C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{EDD9C10D-32A3-408D-B4AC-544FE3789867}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "TCP Query User{068893AA-65A6-439F-8E90-28256D7F7B30}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "TCP Query User{1A45C8D5-14F1-4A19-A416-7DE613177E76}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files\amazon\utilities\amazon music importer\amazon music importer.exe | "TCP Query User{543A16C7-F6EB-4EB7-960D-48D23ED01E59}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{A955192C-C0D3-4BAB-A14B-6A84F8693F4F}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | "UDP Query User{BA3B5180-A581-4CC2-BC89-085B2D930E17}C:\program files\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files\amazon\utilities\amazon music importer\amazon music importer.exe | "UDP Query User{F3797955-6237-49ED-8BAA-C9541D4FD70B}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9 "AudibleManager" = AudibleManager "com.amazon.music.uploader" = Amazon Music Importer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "MPE" = MyPhoneExplorer "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 Bugfix "NVIDIA Drivers" = NVIDIA Drivers "Secunia PSI" = Secunia PSI (3.0.0.6001) "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 8" = TeamViewer 8 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.01.2013 07:09:23 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 06:07:52 | Computer Name = *****-PC | Source = MsiInstaller | ID = 10005 Description = Error - 27.01.2013 06:08:22 | Computer Name = *****-PC | Source = MsiInstaller | ID = 11310 Description = Error - 27.01.2013 08:48:50 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 10:57:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 27.01.2013 13:19:05 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DrvInst.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc04d Name des fehlerhaften Moduls: hpzids01.dll, Version: 13.0.338.0, Zeitstempel: 0x4a1cc51a Ausnahmecode: 0xc0000417 Fehleroffset: 0x0002641a ID des fehlerhaften Prozesses: 0x874 Startzeit der fehlerhaften Anwendung: 0x01cdfcb23464e4d5 Pfad der fehlerhaften Anwendung: C:\Windows\system32\DrvInst.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\hpzids01.dll Berichtskennung: a69a6a1b-68a5-11e2-8f30-0013776f6455 Error - 09.02.2013 15:37:08 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1f3 ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: 169dd464-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:12 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce06fbd5306a78 Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 1903f76b-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:25 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: SHELL32.dll, Version: 6.1.7601.17859, Zeitstempel: 0x4fd2d1d9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1f3 ID des fehlerhaften Prozesses: 0x1cb0 Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\SHELL32.dll Berichtskennung: 211d45fa-72f0-11e2-b6dd-0013776f6455 Error - 09.02.2013 15:37:29 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc015000f Fehleroffset: 0x00083fbe ID des fehlerhaften Prozesses: 0x1cb0 Startzeit der fehlerhaften Anwendung: 0x01ce06fcdd762649 Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 23516c1b-72f0-11e2-b6dd-0013776f6455 [ Media Center Events ] Error - 19.06.2012 09:49:58 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 15:49:57 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 09:50:02 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 15:49:59 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:23 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:23 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:26 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:25 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:28 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:27 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 10:51:29 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 16:51:29 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:50 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:50 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:53 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:52 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:54 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:53 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) Error - 19.06.2012 11:52:56 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 17:52:55 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..) [ Spybot - Search and Destroy Events ] Error - 26.01.2013 13:21:06 | Computer Name = *****-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 02.02.2013 08:16:21 | Computer Name = *****-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 16.11.2012 17:08:10 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = Error - 16.11.2012 17:12:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 20.11.2012 12:26:27 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 24.11.2012 13:28:55 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:32 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 26.11.2012 15:49:33 | Computer Name = *****-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden. Error - 03.12.2012 12:32:31 | Computer Name = *****-PC | Source = DCOM | ID = 10010 Description = < End of report > |
14.02.2013, 15:43 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwörter wurden ausspioniert Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren
__________________Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ |
15.02.2013, 22:25 | #19 |
| Passwörter wurden ausspioniert Ergebnis = keine Funde Ergebnis = keine Funde |
16.02.2013, 17:20 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Passwörter wurden ausspioniert Die Logs bitte immer posten
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Passwörter wurden ausspioniert |
acrobat update, adobe, antivir, antivirus, ausspioniert, bho, e-mail, e-mail anhang, explorer, firewall, flash player, g-data, google, hijackthis, internet, internet explorer, kaspersky, logfile, nvidia, object, plug-in, programme, rundll, security, smartbar, software, system, windows |