Mülltonne (trash bin): 2x | Groupon Trojaner, Windows 7. Posts that violated our rules, posts the world does not need, and other junk end up here in the trash bin...
08.03.2013, 00:59 | #1
2x | Groupon Trojaner

Hello, it's bad that I opened the Groupon invoice... I have already run a quick scan, while the full virus scan is still running. Here is the result of the quick scan (over 100 hits, consistently pup.blabbers):

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.07.14
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ulrike :: ULRIKE-PC [Administrator]
Schutz: Aktiviert
08.03.2013 00:16:42
MBAM-log-2013-03-08 (00-30-24).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225388
Laufzeit: 12 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 24
(Ende)

A thousand thanks for any help!

To explain: yesterday evening I opened the zipped fake invoice from Groupon. This produced an MS-DOS file. Opening it did not work, or rather a warning appeared that such files could damage the system. Only then did I go on the web and found the information that this is an encryption trojan. I can only continue working on this tonight.

And here is the continuation of my efforts to limit or repair the damage: Defogger found nothing. The result of OTL:

OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.03.2013 11:35:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ulrike\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,45 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 55,58% Memory free 6,90 Gb Paging File | 5,15 Gb Available in Paging File | 74,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 231,89 Gb Total Space | 16,32 Gb Free Space | 7,04% Space Free | Partition Type: NTFS Computer Name: ULRIKE-PC | User Name: ulrike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe PRC - [2013.02.20 10:14:43 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.18 13:28:29 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2012.11.08 00:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\cfp.exe PRC - [2012.11.02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\ipoint.exe PRC - [2012.11.02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Mouse and Keyboard Center\itype.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.01.23 16:51:12 | 000,687,168 | ---- | M] (ToolKit Development, Ltd.) -- C:\Programme\ToolKitService\toolkitservice.exe PRC - [2011.10.26 09:15:47 | 005,361,272 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.10.05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) 
-- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe PRC - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe PRC - [2009.08.14 12:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe PRC - [2009.08.11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.08.01 01:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2009.08.01 01:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe PRC - [2009.07.16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe PRC - [2009.06.26 09:26:20 | 000,026,984 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe PRC - [2009.06.26 09:26:18 | 000,812,392 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe PRC - [2009.06.19 23:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe PRC - [2009.06.11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe PRC - [2009.06.11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NlsSrv32.exe PRC - [2009.04.27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) 
-- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe PRC - [2009.02.01 09:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe PRC - [2009.02.01 07:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe PRC - [2008.11.24 22:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 10:14:43 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.17 20:33:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.09 23:00:34 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.09 22:45:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 22:44:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 22:44:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 22:44:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 22:44:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- 
C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.02.28 20:42:14 | 000,652,800 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.01.22 14:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll MOD - [2010.01.22 14:45:36 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll MOD - [2009.08.29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe MOD - [2009.07.27 12:17:10 | 000,249,856 | ---- | M] () -- C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll MOD - [2009.07.27 12:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll MOD - [2009.06.03 12:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll MOD - [2008.11.12 13:29:06 | 000,004,608 | ---- | M] () -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll ========== Services (SafeList) ========== SRV - [2013.02.27 19:27:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.20 10:14:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes 
Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.10.01 20:30:04 | 000,150,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2012.10.01 20:30:02 | 004,846,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.23 16:51:12 | 000,687,168 | ---- | M] (ToolKit Development, Ltd.) [Auto | Running] -- C:\Programme\ToolKitService\toolkitservice.exe -- (ToolkitSvc) SRV - [2011.03.06 10:36:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.03.01 15:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.02.03 20:50:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.10.05 19:40:40 | 000,076,288 | ---- | M] (Smith Micro Software, Inc.) 
[Auto | Running] -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager) SRV - [2009.08.11 16:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2009.08.01 01:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV) SRV - [2009.07.16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.26 09:26:20 | 000,026,984 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2009.06.26 09:26:18 | 000,812,392 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2009.06.11 18:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) 
[Auto | Running] -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService) SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NlsSrv32.exe -- (nlsX86cc) SRV - [2009.06.03 12:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService) SRV - [2009.04.27 13:40:26 | 000,293,968 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32) SRV - [2008.11.12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe) SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\NvtSp50.sys -- (NvtSp50) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CtClsFlt.sys -- (CtClsFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.11.08 00:37:56 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect) DRV - [2012.11.08 00:37:55 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp) DRV - [2012.11.08 00:37:54 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2012.11.08 00:37:52 | 000,019,632 | ---- | 
M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.08.19 16:01:27 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.11.20 05:30:42 | 000,215,088 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.09.21 14:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.08.01 01:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.27 12:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009.07.05 03:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009.07.02 17:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009.07.01 04:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009.06.26 18:28:04 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009.06.26 01:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.26 01:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.26 01:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.06.23 23:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.13 03:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2009.05.26 20:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.09.18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008.06.03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2003.11.28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asapiW2k.sys -- (ASAPIW2K)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{F6F76182-93ED-499D-9491-EEFAEC99A3BC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {F6F76182-93ED-499D-9491-EEFAEC99A3BC}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{10EDAC71-1851-473a-BE8E-5D77C8FE5129}: "URL" = hxxp://www.ask.com/web?o=101450&l=dis&q={searchTerms}
IE - HKCU\..\SearchScopes\{270D5DD9-DB15-4BE4-AA02-A4CA0B7D4C4F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = hxxp://search.etoolkit.com/search?q={searchTerms}&id=026095263ef9335a176bdad20f0869a6065&s=p
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{90504CAF-384D-4F23-862C-B50BAA7FA1ED}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKCU\..\SearchScopes\{DB1303D6-6049-4039-A97F-2D9B890DCECB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9EFDB496-5468-4404-B06C-586804AAB7C5&apn_sauid=48832B91-91F7-47B3-8E5F-A5C027686EA8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3282494&SearchSource=3&q={searchTerms}&CUI=UN21438861262096308"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.19 20:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.27 17:06:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 10:14:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.23 09:13:53 | 000,000,000 | ---D | M]

[2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions
[2010.02.01 22:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.02 23:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions
[2013.02.24 19:28:59 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\ulrike\AppData\Roaming\mozilla\Firefox\Profiles\z8ekacuv.default\extensions\toolbar@ask.com
[2013.03.02 23:13:38 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.12.12 22:41:37 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.17 20:10:23 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\ulrike\AppData\Roaming\mozilla\firefox\profiles\z8ekacuv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 10:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.20 10:14:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 11:17:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.03.08 11:17:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 11:17:51 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.02.20 10:14:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.08 20:13:51 | 000,906,360 | ---- | M] (DevalVR - QTVR player, 3D Topographical Maps, 360x180 Panorama Viewer, and 3D technology for the Internet) -- C:\Program Files\mozilla firefox\plugins\npdevalvr.dll
[2013.01.25 10:36:14 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.14 20:25:40 | 000,044,251 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\toolkitsearch.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Plus! Network (Enabled)
CHR - default_search_provider: search_url = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DevalVR 3D Plugin (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdevalvr.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Browser Companion Helper = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Skype Click to Call = C:\Users\ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Programme\DVDVideoSoftTB_DE\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DellControlPoint] c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\ulrike\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_156B29F5313FECB4988F8467F606B4B7] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - Startup: C:\Users\ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\ulrike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA3CDE8-FDFB-4060-9543-2A97E2296E12}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A29D2DF-4ED9-4558-9A3C-8468D7C85B2E}: NameServer = 192.168.2.1
O18 - Protocol\Handler\base64 - No CLSID value found
O18 - Protocol\Handler\chrome - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\prox - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f797fa-2621-11e0-8e90-904ce5fb327c}\Shell\AutoRun\command - "" = E:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.08 11:29:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe
[2013.03.08 00:15:41 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Malwarebytes
[2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.08 00:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.08 00:15:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.08 00:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.08 00:14:37 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.07 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\DVDVideoSoft
[2013.03.07 13:36:15 | 029,000,336 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe
[2013.03.07 10:29:09 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX Speed
[2013.03.07 10:06:03 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\MAGIX_Audio_Cleaning_Lab_16_deluxe
[2013.03.05 21:20:30 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Desktop\würzburg
[2013.03.02 16:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.02.24 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\APN
[2013.02.24 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.24 18:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.02.23 21:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.02.23 21:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.02.22 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\ulrike\Documents\Benutzerdefinierte Office-Vorlagen
[2013.02.22 10:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.02.22 10:42:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.02.22 10:42:23 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.02.22 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013.02.22 10:31:49 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.02.22 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.02.22 10:31:13 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Local\Microsoft Help
[2013.02.22 10:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.02.22 10:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.22 10:30:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.02.22 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\ulrike\AppData\Roaming\Download Manager
[2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2013.02.20 10:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2013.02.20 10:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.02.19 20:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.02.08 10:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.08 20:51:47 | 014,597,312 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 8.0.1.exe
[2011.11.14 21:04:51 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe
[2011.11.14 21:04:48 | 001,258,692 | ---- | C] (DVD Shrink ) -- C:\Program Files\dvdshrink.3.2.de._decss-frei_.setup.exe.part
[2011.11.09 20:27:19 | 005,157,880 | ---- | C] (Canneverbe Limited ) -- C:\Program Files\cdbxp_setup_4.3.9.2783.exe
[2011.11.09 20:17:08 | 072,333,896 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_elements_10.0.9_8678.exe
[2011.06.01 16:01:38 | 012,362,480 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.1.exe
[2011.02.12 13:17:05 | 017,642,464 | ---- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_0_setup.exe
[2011.02.07 22:20:26 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMP3Converter32.exe
[2011.02.01 22:49:36 | 023,773,544 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter.exe
[2011.01.14 08:03:20 | 014,715,008 | ---- | C] (Dropbox, Inc.) -- C:\Program Files\Dropbox 1.0.10.exe
[2010.07.01 06:51:33 | 008,424,584 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.6.exe
[2010.06.24 21:44:11 | 000,568,472 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup.exe
[2010.05.08 08:59:11 | 002,003,968 | ---- | C] (DVDVideoSoft Limited.) -- C:\Program Files\FreeAudioDub.exe
[2010.05.08 08:58:06 | 010,906,498 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeAudioDub_1.6.exe
[2010.05.04 20:57:28 | 006,728,058 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeConverter.exe
[2010.05.04 20:55:21 | 006,188,525 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup_FreeFlvConverter.exe
[2010.04.21 21:09:29 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2010.03.15 22:48:22 | 000,977,552 | ---- | C] (NCH Software) -- C:\Program Files\essetup.exe
[2010.03.02 22:53:51 | 019,922,270 | ---- | C] (Macrovision Corporation) -- C:\Program Files\sa3045_02_pal_eng.exe
[2010.02.17 17:46:56 | 022,240,040 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetupFull179.exe
[2010.02.17 17:38:47 | 012,260,429 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMp3Converter327.exe
[2010.02.10 19:38:22 | 038,546,560 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_2010_9.12_6265(2).exe
[2010.02.09 21:57:24 | 006,343,388 | ---- | C] (Koyote Soft ) -- C:\Program Files\Setup674_FreeFlvConverter.exe
[2010.02.04 16:02:13 | 016,488,224 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u18-windows-i586-s.exe
[2010.02.01 23:14:20 | 001,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[2010.02.01 22:42:44 | 008,840,816 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird_Setup_3.0.1.exe
[2010.02.01 20:44:08 | 003,211,616 | ---- | C] (Ghisler Software GmbH) -- C:\Program Files\tcmd750a.exe
[2010.01.31 23:27:37 | 000,564,064 | ---- | C] (Google Inc.) -- C:\Program Files\googleupdatesetup.exe
[2010.01.30 12:31:26 | 032,494,896 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010.01.30 11:11:55 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe

========== Files - Modified Within 30 Days ==========

[2013.03.08 11:41:54 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013.03.08 11:33:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe
[2013.03.08 11:13:52 | 000,081,993 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger3.JPG
[2013.03.08 11:13:31 | 000,085,605 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger2.JPG
[2013.03.08 11:13:03 | 000,104,007 | ---- | M] () -- C:\Users\ulrike\Desktop\defogger.JPG
[2013.03.08 11:11:32 | 000,000,000 | ---- | M] () -- C:\Users\ulrike\defogger_reenable
[2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 10:59:41 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.08 10:57:28 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.08 10:57:28 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.08 10:57:28 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.08 10:57:28 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.08 10:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.08 10:52:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 10:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.08 10:51:54 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.08 09:21:08 | 000,023,132 | ---- | M] () -- C:\Users\ulrike\Desktop\scan.JPG
[2013.03.08 01:04:56 | 000,050,477 | ---- | M] () -- C:\Users\ulrike\Desktop\Defogger.exe
[2013.03.08 00:39:36 | 000,073,430 | ---- | M] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG
[2013.03.08 00:15:36 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.08 00:15:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-1.70.0.1100.exe
[2013.03.07 22:17:33 | 017,947,064 | ---- | M] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf
[2013.03.07 13:39:29 | 000,001,365 | ---- | M] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk
[2013.03.07 13:37:36 | 029,000,336 | ---- | M] (DVDVideoSoft Ltd. 
) -- C:\Users\ulrike\Desktop\FreeAudioCDToMP3Converter.exe [2013.03.07 08:53:18 | 000,000,234 | ---- | M] () -- C:\Windows\Brownie.ini [2013.03.06 09:44:57 | 000,076,187 | ---- | M] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.25 21:42:19 | 000,004,998 | ---- | M] () -- C:\Users\ulrike\Desktop\siemens.odt [2013.02.22 12:32:36 | 000,495,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.22 10:43:34 | 000,002,937 | ---- | M] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | M] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:45:41 | 000,010,034 | ---- | M] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | M] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf ========== Files Created - No Company Name ========== [2013.03.08 11:13:52 | 000,081,993 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger3.JPG [2013.03.08 11:13:30 | 000,085,605 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger2.JPG [2013.03.08 11:13:02 | 000,104,007 | ---- | C] () -- C:\Users\ulrike\Desktop\defogger.JPG [2013.03.08 11:11:32 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\defogger_reenable [2013.03.08 09:21:08 | 000,023,132 | ---- | C] () -- C:\Users\ulrike\Desktop\scan.JPG [2013.03.08 01:04:55 | 000,050,477 | ---- | C] () -- C:\Users\ulrike\Desktop\Defogger.exe [2013.03.08 00:39:35 | 000,073,430 | ---- | C] () -- C:\Users\ulrike\Desktop\trojaner_name.JPG [2013.03.08 00:15:36 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.07 22:16:44 | 017,947,064 | ---- | C] () -- C:\Users\ulrike\Desktop\INTERNET-WORLD-Business Ausgabe-22-2011.pdf [2013.03.07 13:39:29 | 000,001,365 | ---- | C] () -- C:\Users\ulrike\Desktop\Free Audio CD to MP3 Converter.lnk [2013.03.07 13:31:12 | 000,000,044 | ---- | C] () -- C:\Users\ulrike\Desktop\Track01.cda [2013.03.07 13:03:29 | 000,000,044 | ---- | C] () -- 
C:\Users\ulrike\Documents\passion.cda [2013.03.06 09:44:57 | 000,076,187 | ---- | C] () -- C:\Users\ulrike\Desktop\joystick_psych.JPG [2013.02.22 10:43:34 | 000,002,937 | ---- | C] () -- C:\Users\ulrike\Desktop\PowerPoint 2013.lnk [2013.02.22 10:43:32 | 000,002,829 | ---- | C] () -- C:\Users\ulrike\Desktop\Access 2013.lnk [2013.02.19 17:38:23 | 000,010,034 | ---- | C] () -- C:\Users\ulrike\Desktop\ryanair_nuernberg.odt [2013.02.08 10:41:18 | 002,625,153 | ---- | C] () -- C:\Users\ulrike\Desktop\LoipeFrammersbach-Mosborn_Karte.pdf [2012.12.27 10:54:28 | 000,000,021 | ---- | C] () -- C:\Windows\preview.ini [2012.10.10 15:20:39 | 000,001,531 | ---- | C] () -- C:\Users\ulrike\.recently-used.xbel [2012.08.28 09:02:57 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2012.07.01 10:55:48 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat.temp [2012.06.27 17:26:45 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp [2012.06.27 16:58:22 | 000,238,386 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.04.19 08:08:46 | 141,590,843 | ---- | C] () -- C:\Program Files\openofficeorg1.cab [2012.04.19 07:59:52 | 000,473,600 | ---- | C] () -- C:\Program Files\setup.exe [2012.04.19 07:59:50 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini [2012.04.19 07:59:48 | 003,125,248 | ---- | C] () -- C:\Program Files\openofficeorg34.msi [2011.10.04 19:42:44 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2011.09.27 19:50:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2011.07.05 12:32:53 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\{EDD1366B-75CE-429C-A470-C05A561E102D} [2011.04.26 21:31:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.25 17:13:21 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe [2011.03.23 20:30:48 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI [2011.03.23 20:30:48 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini [2011.03.23 20:30:47 | 
000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini [2011.03.23 20:30:46 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI [2011.03.23 20:29:42 | 000,000,234 | ---- | C] () -- C:\Windows\Brownie.ini [2011.02.12 13:07:10 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe [2011.02.02 22:40:33 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.21 23:06:33 | 000,017,408 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WebpageIcons.db [2010.08.16 22:11:12 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe [2010.05.10 15:38:02 | 013,868,427 | ---- | C] () -- C:\Program Files\NAVIGON_Fresh_setup.exe [2010.05.08 08:56:49 | 000,256,824 | ---- | C] () -- C:\Program Files\SoftonicDownloader67434.exe [2010.05.07 21:30:16 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe [2010.04.21 18:39:21 | 018,234,256 | ---- | C] ( ) -- C:\Program Files\gimp-2.6.8-i686-setup.exe [2010.04.20 20:09:44 | 010,315,456 | ---- | C] () -- C:\Program Files\GoogleEarthWin.exe [2010.03.02 22:53:26 | 002,228,224 | ---- | C] () -- C:\Program Files\sa3045_02_fus_eng.exe [2010.03.01 21:22:06 | 152,882,016 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_de.exe [2010.02.22 22:36:51 | 000,000,017 | ---- | C] () -- C:\Users\ulrike\AppData\Local\resmon.resmoncfg [2010.02.19 16:32:46 | 025,154,803 | ---- | C] () -- C:\Program Files\f4-v4-pc.zip [2010.02.17 17:51:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.02.17 17:41:38 | 000,685,568 | ---- | C] () -- C:\Program Files\DVSUninstall.exe [2010.02.16 22:23:33 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de(2).exe [2010.02.09 18:35:16 | 000,003,584 | ---- | C] () -- C:\Users\ulrike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.09 18:12:06 | 000,009,523 | ---- | C] () -- C:\Program Files\DellDriverDownloadManager.application [2010.02.08 20:13:01 | 000,150,836 | ---- | C] () -- 
C:\Users\ulrike\AppData\Roaming\mdbu.bin [2010.02.08 19:55:41 | 061,037,560 | ---- | C] ( ) -- C:\Program Files\MediaMarkt_Fotoservice.exe [2010.02.07 16:51:35 | 004,444,879 | ---- | C] () -- C:\Program Files\XMediaRecode2184_setup.exe [2010.02.04 22:31:16 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe [2010.01.30 12:29:55 | 018,965,012 | ---- | C] () -- C:\Program Files\f4-v31.exe [2010.01.28 16:12:08 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe [2010.01.28 09:34:05 | 000,000,000 | ---- | C] () -- C:\Users\ulrike\AppData\Local\WavXMapDrive.bat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.17 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ahnenblatt [2011.11.11 17:22:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Ashampoo [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Audacity [2010.05.07 21:40:55 | 000,000,000 | 
---D | M] -- C:\Users\ulrike\AppData\Roaming\Blue Cat Audio [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Broadcom [2012.09.23 09:05:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\BrowserCompanion [2011.11.09 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Canneverbe Limited [2010.07.22 20:29:00 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2013.03.08 10:54:08 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Dropbox [2013.03.08 00:05:02 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoft [2013.02.19 20:48:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.04 08:59:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\F4 [2012.03.11 12:12:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FILEminimizerPictures [2010.05.04 20:55:16 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\FreeFLVConverter [2011.05.24 19:42:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GetRightToGo [2010.02.01 21:00:36 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\GHISLER [2012.10.10 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\gtk-2.0 [2012.09.25 20:02:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HandBrake [2010.05.08 08:11:03 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\HighAndes [2013.01.17 14:40:56 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\NCH Swift Sound [2012.10.05 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenCandy [2010.01.30 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\OpenOffice.org [2010.02.01 22:44:11 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Thunderbird [2012.04.14 09:10:13 | 000,000,000 | ---D | M] -- 
C:\Users\ulrike\AppData\Roaming\TuneUp Software [2010.01.28 09:34:05 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\Wave Systems Corp [2012.02.19 18:32:50 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\René's Homepage [2010.08.15 10:46:44 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > |
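An OTL report like the one above is read by a helper by eye. The added example below is not part of the thread and not OTL's own code; it parses OTL's `[date | size | attrs | C/M] (Company) -- path` entries and the key/value lines of the ZeroAccess Check block and applies three triage heuristics: executables created or modified recently in user-writable locations, executables whose version resource carries no company name (OTL's own "No Company Name" section), and InProcServer32 defaults that no longer point at a Microsoft DLL under system32. OTL checks those three CLSIDs because ZeroAccess variants redirected them; in the report above they resolve to shell32.dll, fastprox.dll and wbemess.dll, so it is clean on that count. The REPORT_LINES are copied from the posted report; the final HKCU key and its value are constructed to show what a hijack would look like (a per-user Classes key shadowing the machine-wide one), and REPORT_TIME is an assumed scan time.

```python
"""Triage helpers for an OTL report. Added example, not OTL's own code."""
import ntpath
import re
from datetime import datetime, timedelta

# Copied from the report posted in the thread.
REPORT_LINES = r"""
[2013.03.08 11:29:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ulrike\Desktop\OTL.exe
[2013.03.08 01:04:55 | 000,050,477 | ---- | C] () -- C:\Users\ulrike\Desktop\Defogger.exe
[2013.03.08 00:15:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ulrike\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.09.23 09:05:18 | 000,000,000 | ---D | M] -- C:\Users\ulrike\AppData\Roaming\BrowserCompanion
[2011.04.25 17:13:21 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""
# Constructed, NOT from the report: a per-user Classes key that shadows the
# HKLM registration above and points the class at a DLL inside the profile.
CONSTRUCTED_HIJACK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Users\ulrike\AppData\Local\example\hijack.dll -- [2013.03.07 08:00:00 | 000,040,960 | ---- | M] ()
"ThreadingModel" = Both
"""
SAMPLE = REPORT_LINES + CONSTRUCTED_HIJACK

ENTRY_RE = re.compile(
    r"\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)
KEY_RE = re.compile(r"\[(HKEY_[A-Z_]+\\Software\\Classes\\clsid\\\{[0-9A-Fa-f-]+\}\\InProcServer32)\]")
VALUE_RE = re.compile(r'"" = (.+?) -- \[[^\]]*\] \(([^)]*)\)')

EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".jar"}
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
SYSTEM32_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")
REPORT_TIME = datetime(2013, 3, 8, 12, 0, 0)  # assumed time the report was taken


def parse_entries(text):
    """Turn OTL file/directory lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        ts, size, attrs, op, company, path = m.groups()
        entries.append({
            "time": datetime.strptime(ts, "%Y.%m.%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "is_dir": "D" in attrs,
            "op": op,                          # C = created, M = modified
            "company": (company or "").strip(),
            "path": path.strip(),
        })
    return entries


def _is_exec(e):
    return not e["is_dir"] and ntpath.splitext(e["path"])[1].lower() in EXEC_EXT


def recent_user_executables(entries, now=REPORT_TIME, days=30):
    """Executables touched within `days` under paths a standard user can write."""
    cutoff = now - timedelta(days=days)
    return [e for e in entries if _is_exec(e) and e["time"] >= cutoff
            and e["path"].lower().startswith(USER_WRITABLE)]


def no_company_executables(entries):
    """Executables with an empty company field (OTL's 'No Company Name' set)."""
    return [e for e in entries if _is_exec(e) and not e["company"]]


def check_clsid_hijack(text):
    """Return (key, value) for InProcServer32 defaults outside system32 or not Microsoft's."""
    current, hits = None, []
    for line in text.splitlines():
        km = KEY_RE.search(line)
        if km:                       # key line; the value may follow on the next line
            current = km.group(1)
            line = line[km.end():]
        vm = VALUE_RE.search(line)
        if not (vm and current):
            continue
        value, company = vm.group(1).strip(), vm.group(2).strip()
        in_system32 = value.lower().startswith(SYSTEM32_PREFIXES)
        if not (in_system32 and company == "Microsoft Corporation"):
            hits.append((current, value))
    return hits


def basenames(entries):
    return [ntpath.basename(e["path"]) for e in entries]


if __name__ == "__main__":
    entries = parse_entries(SAMPLE)
    print("recent executables in user-writable paths:", basenames(recent_user_executables(entries)))
    print("executables without company name:", basenames(no_company_executables(entries)))
    for key, value in check_clsid_hijack(SAMPLE):
        print("InProcServer32 outside system32:", key, "->", value)
```

The heuristics are deliberately coarse: an installer a user dropped on the desktop and a dropper look the same to them, so the output is a shortlist for a helper to read, not a verdict. The CLSID check only fires on the constructed HKCU entry; run on the report's own lines it returns nothing.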
08.03.2013, 13:18 | #2
/// Malware-holic | 2x | Groupon Trojaner
Hi,
please forward spam mails to us in future, and warn your friends etc. as well; give them the mail address in my signature. Do you still have access to your data? Pictures, documents etc.
08.03.2013, 20:46 | #3
| 2x | Groupon Trojaner
Yes, will do (I had already deleted the spam mail before I landed on your site). I did spot checks and can open pictures, documents, music and videos.
Since so far "only" pup.blabbers has been found, maybe the encryption trojan isn't on my machine after all??? I think it's great how committed you are! I scanned again with Malwarebytes (quick scan) and, unlike yesterday, nothing was found - should I still go through the whole procedure you recommend for the Groupon trojan?

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.07.14
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ulrike :: ULRIKE-PC [Administrator]
Protection: Enabled
08.03.2013 20:48:31
mbam-log-2013-03-08 (20-48-31).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225597
Time elapsed: 14 minute(s), 59 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
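The helper's question about access to data, and the spot checks in the reply above, can be done systematically: encrypting trojans overwrite file contents and usually leave the name and extension alone, so a .jpg that no longer starts with the JPEG header or a .pdf that no longer starts with `%PDF-` is a strong hint, and high byte entropy of the overwritten content is a secondary one (secondary because JPEG, PNG, ODT/DOCX and MP3 are compressed and look random anyway). The following is an added example, not code from the thread or its helpers; the magic-byte table, the 7.5 bits/byte threshold and the sample tree it builds in a temporary directory are all constructed for the demonstration.

```python
"""Spot-check whether files still carry the header their extension implies.

Added example, not from the thread. Builds a constructed sample tree and
classifies each file as ok / mismatch / unknown, with byte entropy as a
second signal.
"""
import hashlib
import math
import os
import tempfile

# Leading bytes per extension (assumed table; extend for your own data).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
    ".odt": (b"PK\x03\x04",),    # OpenDocument is a zip container
    ".docx": (b"PK\x03\x04",),
    ".zip": (b"PK\x03\x04",),
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}
HIGH_ENTROPY = 7.5   # bits per byte; assumed threshold, tune for your corpus
HEAD_BYTES = 4096    # how much of each file to read


def shannon_entropy(data):
    """Bits per byte of `data`, 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(path):
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as f:
        head = f.read(HEAD_BYTES)
    entropy = round(shannon_entropy(head), 2)
    if ext not in MAGIC:
        status = "unknown"          # no expectation to compare against
    elif head.startswith(MAGIC[ext]):
        status = "ok"
    else:
        status = "mismatch"         # extension says one thing, content another
    return {"name": os.path.basename(path), "status": status, "entropy": entropy,
            "suspect": status == "mismatch" and entropy > HIGH_ENTROPY}


def scan_tree(root):
    results = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            results.append(classify(os.path.join(dirpath, name)))
    return results


def _pseudo_random(n):
    """Deterministic high-entropy filler standing in for ciphertext."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def make_sample_tree(root):
    """Constructed files: two intact, one 'encrypted' in place, one untyped."""
    files = {
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 2000,
        "notes.odt": b"PK\x03\x04mimetypeapplication/vnd.oasis.opendocument.text" + b"\x00" * 500,
        "scrambled.pdf": _pseudo_random(4096),   # a .pdf overwritten with ciphertext
        "readme.txt": b"plain text, no magic bytes to check\n",
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)


def run_demo():
    root = tempfile.mkdtemp(prefix="spotcheck-")
    make_sample_tree(root)
    return {r["name"]: r for r in scan_tree(root)}


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f'{name:15} {r["status"]:9} entropy={r["entropy"]:.2f} suspect={r["suspect"]}')
```

Point `scan_tree` at a Documents or Pictures folder and look at the `mismatch` rows first; `unknown` rows only mean the table has no entry for that extension, and a handful of `ok` rows from each family is the fast answer to "can you still open your files".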
11.03.2013, 18:37 | #4
/// Malware-holic | 2x | Groupon Trojaner
No problem. Please download TDSSKiller.exe and save the file to the desktop.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
11.03.2013, 20:48 | #5
| 2x | Groupon Trojaner
Hello markusg, thanks for the reply - please don't be cross, but a few days ago I opened a new thread for my problem, "gmer lässt sich nicht herunterladen - infiziert mit pup.blabbers" (gmer won't download - infected with pup.blabbers). I assumed I had named this thread wrongly, because apparently I hadn't caught a trojan after all, and might be leading the helpers astray. ryder then responded, and since then I have been scanning the machine again and again following his instructions. Most recently I used the ESET online scanner and Security Check. I'm not sure how I can close/delete this thread here? Please forgive me for having caused you unnecessary work!!! I was in quite a panic and spent many, many hours at the computer, and unfortunately forgot to let you know!! Contrite regards, Ulrike
13.03.2013, 10:20 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | 2x | Groupon Trojaner
Continued here => http://www.trojaner-board.de/131979-...ml#post1026049