| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBotWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.04.2013, 06:56
| #1 |
 |  Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBot Sodele. nein, das ist kein bump oder eine Neuauflage des so ähnlich klingenden Threads sondern ein anderer Rechner. Auch hier die Vorinfos: Anfang war eine Meldung von Avira auf einerm anderen Rechner: http://www.trojaner-board.de/134025-...raps-gen2.html Dann kam eine e-mail der Telekom mit folgendem Inhalt, die mich dazu brachte die anderen Rechner bei uns im Netzwerk genauer in Augenschein zu nehmen: Code:
ATTFilter -----Ursprüngliche Nachricht-----
Von: Deutsche Telekom Abuse-Team [mailto:abuse@t-online.de]
Gesendet: Donnerstag, 25. April 2013 09:33
An: [User-nummer]@t-online.de
Betreff: [Abuse-ID:xxx] Wichtige Sicherheitswarnung zu Ihrem Internetzugang; Zugangsnummer: [User-nummer]
| Kundennummer: [User-nummer]
| Anschlussinhaber: [User-nummer]
Sehr geehrte Kundin,
sehr geehrter Kunde,
unsere Sicherheitsexperten haben zuverlässige Hinweise, dass sich über Ihren
Internetanschluss, ein Computer ins Internet einwählt, der mit dem
Schadprogramm "ZeuS/ZBot" (Online-Banking-Trojaner) infiziert wurde.
Dadurch stellt für Sie zur Zeit jeder Online-Einkauf, jeder Geldtransfer per
Onlinebanking und jeder Austausch in sozialen Netzwerken ein erhebliches
Sicherheitsrisiko dar.
Den Hinweis auf Ihren Anschluss und die IP-Adresse haben wir von externen
Sicherheitsexperten erhalten, mit denen wir zusammenarbeiten, um unsere
Kunden zu schützen. Folgende IP-Adresse war zum Zeitpunkt des Versands von
schädlichen E-Mails Ihrer Zugangsnummer zugeordnet
IP-Adresse: 79.204.235.43
Zeitangaben: 23.04.2013, 12:43:25 (MESZ)
Bitte prüfen Sie Ihren Computer und unterbinden Sie so die missbräuchliche
Nutzung Ihres Zugangs. In zwei Schritten können Sie das Internet wieder
sicher nutzen:
1. Trojaner beseitigen
Damit Sie die Infektion einfach erkennen und entfernen können,
bieten wir Ihnen in Kooperation mit dem Bundesamt für Sicherheit in
der Informationstechnik (BSI) und dem Verband der
Informationswirtschaft (eco) eine kostenfreie Software an.
Diesen "DE-Cleaner" können Sie unter https://www.botfrei.de/telekom
herunterladen.
Benötigen Sie professionelle Hilfe?
In einigen Fällen ist es schwierig, den Computer mit einem Virenscanner zu
säubern, da sich der Virus bzw. die Schadsoftware sehr tief ins System
festgesetzt hat. Wenn Sie persönliche Unterstützung in Anspruch nehmen
möchten, um die Sicherheit Ihres Computers wiederherzustellen, empfehlen wir
Ihnen das Sicherheitsteam von Norton - dem weltweit führenden Unternehmen
für Virenschutz.
Das Norton Sicherheitsteam entfernt Ihnen für 99,99 Euro alle aktuellen
Viren und Schadprogramme auf Ihrem Rechner und stellt die Sicherheit Ihres
Systems wieder her.
Das Norton Sicherheitsteam erreichen Sie unter 0800 100 6446. Weitere
Informationen finden Sie unter www.nortonlive.com/DT1
2. Passwörter ändern
Eine Passwortänderung darf nur von einem Computer aus erfolgen, der
garantiert frei von Viren und Trojanern ist, sonst können die neuen
Passwörter direkt wieder von Dritten ausgelesen werden. Ändern Sie
auch die Passwörter für Ihren Router, für alle E-Mail-Adressen sowie
Online-Banking, Ebay, Amazon usw.
Passwörter von Telekom Diensten und Services können Sie zentral und
einfach im Kundencenter unter https://kundencenter.telekom.de ändern.
Unter dem Link www.t-online.de/abuse/faq -> Reiter "Downloads & Handbücher"
im Merkblatt Sicherheit, geben wir Ihnen Antworten auf die wichtigsten
Fragen zum Thema Internetsicherheit, z.B. wie finde ich ein sicheres
Passwort.
Benötigen Sie weitere Informationen zu dieser Sicherheitswarnung, senden Sie
uns einfach eine E-Mail an abuse@telekom.de. Geben Sie dabei unbedingt Ihre
oben genannte Zugangsnummer an, damit wir Ihre Nachricht richtig zuordnen
können. Unsere Mitarbeiter werden sich umgehend mit Ihnen in Verbindung
setzen.
Mit freundlichen Grüßen
[üblicher "Abspann"]
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 15:27:21
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 CORSAIR_ rev.VBM1 59,63GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michael\AppData\Local\Temp\kxdiypoc.sys
---- System - GMER 2.1 ----
INT 0x51 ? C489F558
INT 0x52 ? C489F7D8
INT 0x60 ? C599BCD8
INT 0x61 ? C2A912D8
INT 0x62 ? C489F058
INT 0x70 ? C5991058
INT 0x71 ? C489FCD8
INT 0x72 ? C5991CD8
INT 0x80 ? C59912D8
INT 0x82 ? C599B7D8
INT 0x90 ? C5991558
INT 0x92 ? C599BA58
INT 0xA0 ? C59917D8
INT 0xA2 ? C599B558
INT 0xB0 ? C5991A58
INT 0xB1 ? C2A91CD8
INT 0xB2 ? C2A91058
INT 0xB3 ? C59D37D8
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[3388] SHELL32.dll!SHFileOperationW 75B19708 5 Bytes JMP 065E1102 C:\Program Files\Unlocker\UnlockerHook.dll
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0xD1C30000, 0x136CEC, 0xE8000020]
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0070400000000000F01FEC\Usage@OneNoteFilesIntl_1031 1117391007
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Usage@OUTLOOKFiles 1117398283
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Usage@OutlookMAPI2 1117394864
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Usage@OUTLOOKNonBootFiles 1117390442
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7040110900063D11C8EF10054038389C\Usage@ProductFiles 1117390176
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{81CE4251-1D48-4A06-A82F-F93D3AE774DA}@LeaseObtainedTime 1366949308
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{81CE4251-1D48-4A06-A82F-F93D3AE774DA}@LeaseTerminatesTime 1366949563
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{81CE4251-1D48-4A06-A82F-F93D3AE774DA}@T1 1366949435
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{81CE4251-1D48-4A06-A82F-F93D3AE774DA}@T2 1366949531
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 E348B1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D E3451A09 1 Byte [06]
? System32\drivers\aoyulu.sys Das System kann den angegebenen Pfad nicht finden. !
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId 341
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified 128
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlErrors 1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlKBytes 0
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewCrawlNumber 342
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 240
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.25.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16540 Michael :: MUFK2010 [Administrator] 26.04.2013 00:19:44 mbam-log-2013-04-26 (00-19-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|S:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 904174 Laufzeit: 2 Stunde(n), 17 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 E:\Eigene Dateien\FUN\A-Klasse Syndrom.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt. G:\EigeneDats\Eigene Dokumente\FUN\A-Klasse Syndrom.exe (Application.Joke) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)  Code:
ATTFilter OTL logfile created on: 26.04.2013 15:27:50 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = G:\downloads\!Trojanerkiller Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 60,13% Memory free 6,99 Gb Paging File | 5,35 Gb Available in Paging File | 76,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,62 Gb Total Space | 18,08 Gb Free Space | 30,32% Space Free | Partition Type: NTFS Drive D: | 683,59 Gb Total Space | 332,01 Gb Free Space | 48,57% Space Free | Partition Type: NTFS Drive E: | 713,67 Gb Total Space | 253,55 Gb Free Space | 35,53% Space Free | Partition Type: NTFS Drive F: | 698,63 Gb Total Space | 292,82 Gb Free Space | 41,91% Space Free | Partition Type: NTFS Drive G: | 698,63 Gb Total Space | 71,86 Gb Free Space | 10,29% Space Free | Partition Type: NTFS Drive S: | 119,24 Gb Total Space | 46,65 Gb Free Space | 39,12% Space Free | Partition Type: NTFS Computer Name: MUFK2010 | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.25 22:42:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\!Trojanerkiller\OTL.exe PRC - [2013.04.23 21:29:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.23 21:28:34 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.23 21:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.23 21:28:25 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.19 21:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.12.19 21:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () -- E:\_Progs\Hotspot Shield\bin\openvpnas.exe PRC - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () -- E:\_Progs\Hotspot Shield\bin\hsswd.exe PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- E:\_Progs\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) -- C:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe PRC - [2011.05.24 22:48:24 | 000,393,216 | ---- | M] (AMD) -- C:\Programme\ATI Technologies\HydraVision\HydraDM.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.10.02 21:10:20 | 000,800,832 | ---- | M] (Jumping Bytes) -- C:\Programme\PureSync\PureSyncTray.exe PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe PRC - [2010.08.03 10:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe PRC - [2010.08.03 10:42:52 | 000,523,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDCountdown.exe PRC - [2010.08.03 10:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDClock.exe PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.10.02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.07.21 09:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- E:\_Progs\Logitech\SetPoint II\SetPointII.exe PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- E:\_Progs\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2007.05.31 10:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 13:17:41 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll MOD - [2013.02.14 13:16:54 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\ce70182f0348fc21a07409afd4a922f5\System.Web.ni.dll MOD - [2013.02.14 13:04:00 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.13 22:08:26 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll MOD - [2013.01.10 11:05:02 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll MOD - [2013.01.10 11:04:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 08:48:57 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013.01.10 08:47:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 08:41:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 08:40:31 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 08:40:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 08:40:13 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 08:40:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 08:40:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 08:39:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.10 00:38:03 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll MOD - [2013.01.10 00:37:51 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll MOD - [2013.01.10 00:37:45 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 00:37:44 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll MOD - [2013.01.10 00:37:43 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013.01.10 00:37:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013.01.10 00:37:41 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll MOD - [2013.01.10 00:37:39 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll MOD - [2013.01.10 00:37:38 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013.01.10 00:37:33 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- E:\_Progs\Notepad++\NppShell_01.dll MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- E:\_Progs\Logitech\SetPoint\khalwrapper.dll MOD - [2006.04.18 19:15:22 | 000,126,464 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2004.09.30 19:09:36 | 000,155,648 | ---- | M] () -- C:\Programme\LinkShellExtension\RockallDLL.dll ========== Services (SafeList) ========== SRV - [2013.04.23 21:29:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.23 21:28:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.12 15:55:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.19 21:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 11:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.11.19 22:48:14 | 001,435,568 | ---- | M] (LogMeIn Inc.) [On_Demand | Stopped] -- E:\_Progs\Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- E:\_Progs\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService) SRV - [2012.04.11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- E:\_Progs\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012.04.02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- E:\_Progs\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.11.15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- E:\_Progs\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011.11.15 01:49:06 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Programme\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- E:\_Progs\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.09.23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nmserial.sys -- (nmserial) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\NmPar.sys -- (NmPar) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Michael\AppData\Local\Temp\kxdiypoc.sys -- (kxdiypoc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Michael\AppData\Local\Temp\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - [2013.04.23 21:29:39 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.23 21:29:39 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.23 21:29:39 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.04.23 21:29:39 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.03.18 09:28:41 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2012.12.19 22:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2012.12.19 22:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.12.19 21:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.11.06 13:11:46 | 000,084,992 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.04.11 17:40:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv) DRV - [2012.03.26 23:45:14 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2011.11.21 13:02:20 | 000,144,896 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\Windows\System32\drivers\uiwbrdr.SYS -- (uiwbrdr) DRV - [2010.12.08 12:53:18 | 000,841,912 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC) DRV - [2010.12.08 12:53:18 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB) DRV - [2010.11.19 04:34:14 | 000,141,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.11.19 04:34:12 | 000,062,208 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2010.11.10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010.06.23 10:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010.02.01 20:17:11 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries23.gadget\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2009.12.12 01:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2009.12.02 16:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.11.23 18:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid) DRV - [2009.11.23 18:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum) DRV - [2009.11.23 15:43:42 | 000,099,440 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2009.10.26 13:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd) DRV - [2009.10.26 08:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009.08.04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2009.08.04 17:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32) DRV - [2009.07.17 01:51:52 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi) DRV - [2009.07.15 12:01:52 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID) DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.05.13 19:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.05.22 18:34:50 | 000,066,560 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV - [2008.05.22 18:33:44 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PciPPorts.sys -- (PciPPorts) DRV - [2008.05.22 18:31:16 | 000,115,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PciSPorts.sys -- (PciSPorts) DRV - [2008.02.20 17:18:26 | 000,113,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPorts.sys -- (SPorts) DRV - [2008.02.20 17:16:42 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PPorts.sys -- (PPorts) DRV - [2008.02.20 17:13:38 | 000,066,560 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ISASerial.sys -- (ISASerial) DRV - [2007.10.12 03:40:00 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2006.03.01 19:51:15 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) DRV - [2006.02.14 16:48:36 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A C1 1F D5 80 05 CE 01 [binary data] IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1532135892-3855911322-312043348-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.7.7 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0pre.130408a FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0038-ABCDEFFEDCBA%7D:6.0.38 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.4.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: byos@xmarks.com:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:55:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:55:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 15:55:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 15:55:34 | 000,000,000 | ---D | M] [2010.01.30 12:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions [2013.04.18 07:02:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\ob0cnat2.default\extensions [2013.02.25 17:36:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\ob0cnat2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.07.18 19:34:06 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\ob0cnat2.default\extensions\battlefieldheroespatcher@ea.com [2010.01.30 14:34:42 | 000,000,000 | ---D | M] ("Xmarks BYOS Edition") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\ob0cnat2.default\extensions\byos@xmarks.com [2011.11.25 07:43:23 | 000,255,318 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013.04.18 07:02:47 | 000,005,429 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.04.16 23:56:12 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.04 12:04:55 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013.02.14 20:28:18 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.10.30 07:38:01 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.04.09 20:10:30 | 000,812,702 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.03.01 17:47:14 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\ob0cnat2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013.04.12 15:55:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2013.04.12 15:55:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.04.25 09:38:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 23:14:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.04.25 09:38:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.25 09:38:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.25 09:38:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.25 09:38:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 21:34:04 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\_Progs\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\_Progs\Drucker-Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1532135892-3855911322-312043348-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKU\S-1-5-21-1532135892-3855911322-312043348-1000..\Run: [PureSync] C:\Programme\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKU\S-1-5-21-1532135892-3855911322-312043348-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1532135892-3855911322-312043348-1000..\Run: [RGSC] E:\_Spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Client auf Monitor & öffnen1 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: Client auf Monitor & öffnen2 - C:\Windows\web\AOpenClient.htm File not found O8 - Extra context menu item: Easy-WebPrint - Drucken - E:\_Progs\Drucker-Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - E:\_Progs\Drucker-Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - E:\_Progs\Drucker-Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - E:\_Progs\Drucker-Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\_Progs\MS-Outlook\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\MS Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\MS Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\MS Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\_Progs\MS-Outlook\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{699497B8-7B58-4CC8-8EB5-F9D368F4EC39}: NameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.25 23:35:52 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes [2013.04.25 23:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.25 23:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.25 23:35:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.25 23:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.25 23:35:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Programs [2013.04.23 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Avira [2013.04.23 21:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.04.23 21:34:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.23 21:34:01 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.23 21:34:01 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.23 21:34:01 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.23 21:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.04.23 21:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.04.21 23:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.21 23:14:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.04.12 15:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.11 17:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\LinkShellExtension [2013.04.11 17:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Link Shell Extension [2013.04.11 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link Shell Extension [2013.04.10 23:42:47 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 23:42:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 23:42:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.04.10 23:42:46 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 23:42:45 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 23:42:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 23:42:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.04.10 23:42:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.04.10 23:42:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.04.10 23:42:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.04.10 15:48:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 15:48:09 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 15:48:08 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 15:48:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 G:\EigeneDats\Eigene Dokumente\*.tmp files -> G:\EigeneDats\Eigene Dokumente\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.26 05:45:55 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 05:45:55 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.26 05:43:44 | 020,813,474 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.26 05:43:44 | 003,754,426 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.26 05:43:44 | 003,317,086 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.26 05:43:43 | 006,415,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.26 05:39:04 | 000,000,259 | ---- | M] () -- C:\Windows\Brownie.ini [2013.04.26 05:38:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.26 05:38:38 | 2814,996,480 | -HS- | M] () -- C:\hiberfil.sys [2013.04.25 23:35:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.25 23:27:00 | 000,000,000 | ---- | M] () -- C:\Users\Michael\defogger_reenable [2013.04.23 21:29:39 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.23 21:29:39 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.23 21:29:39 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.04.23 21:29:39 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.04.21 23:14:45 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013.04.21 23:14:45 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.04.21 23:14:45 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.04.21 23:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.21 23:14:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.04.21 23:14:45 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.04.20 01:19:00 | 000,082,432 | ---- | M] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.18 07:29:51 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Digital Designer.lnk [2013.04.17 21:54:03 | 000,137,992 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.04.17 21:53:55 | 000,291,088 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013.04.17 21:53:49 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2013.04.16 23:42:58 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2013.04.13 22:07:00 | 000,000,029 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\default.rss [2013.04.13 10:49:48 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.13 10:49:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.11 17:50:38 | 000,138,056 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\PnkBstrK.sys [2013.04.11 16:04:27 | 000,320,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.10 15:44:51 | 000,000,021 | ---- | M] () -- C:\Users\Michael\SciTE.session [2013.04.10 15:44:51 | 000,000,000 | ---- | M] () -- C:\Users\Michael\SciTE.recent [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 G:\EigeneDats\Eigene Dokumente\*.tmp files -> G:\EigeneDats\Eigene Dokumente\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.25 23:35:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.25 23:27:00 | 000,000,000 | ---- | C] () -- C:\Users\Michael\defogger_reenable [2013.04.11 17:50:53 | 000,137,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.04.11 17:50:06 | 000,291,088 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2013.04.11 17:49:51 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2013.04.10 15:51:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.19 21:42:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.12.19 21:42:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.12.18 18:44:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7 [2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.11.28 00:39:02 | 000,000,017 | ---- | C] () -- C:\Users\Michael\AppData\Local\resmon.resmoncfg [2012.11.14 01:38:11 | 000,000,021 | ---- | C] () -- C:\Users\Michael\SciTE.session [2012.11.14 01:38:11 | 000,000,000 | ---- | C] () -- C:\Users\Michael\SciTE.recent [2012.10.13 19:27:27 | 000,001,476 | ---- | C] () -- C:\Users\Michael\.heldEinstellungen.xml [2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.07.08 20:44:39 | 002,580,552 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2010.12.24 14:03:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.21 19:56:03 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\downloads.m3u [2010.08.28 12:14:38 | 000,018,247 | ---- | C] () -- C:\Users\Michael\.heldEinstellungen4_1.xml [2010.08.28 12:14:38 | 000,000,466 | ---- | C] () -- C:\Users\Michael\.dsa4.properties [2010.07.01 23:20:05 | 000,107,423 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\icarus-dxdiag.xml [2010.05.04 18:05:36 | 000,138,056 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\PnkBstrK.sys [2010.02.24 22:06:43 | 000,000,029 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\default.rss [2010.02.04 19:49:07 | 000,000,040 | -HS- | C] () -- C:\Users\Michael\AppData\Roaming\.zreglib [2010.02.01 17:28:38 | 000,082,432 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.29 19:27:32 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 15:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 56161 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM < End of report > Code:
ATTFilter D:\!Zeugs-Archiv\!-Fallout3\_chars\fallout3d.7z Win32/Virut.NBP virus
D:\!Zeugs-Archiv\!-Fallout3\_chars\FalloutLauncher.exe Win32/Virut.NBP virus
E:\Eigene Dateien\Themes - XP\Logon_Loader_2.1.0.zip probably a variant of Win32/Agent.FKDGRUQ trojan
E:\Platte-E\Eigene Dateien\Themes - XP\Logon_Loader_2.1.0.zip probably a variant of Win32/Agent.FKDGRUQ trojan
G:\downloads\GAmes\mechwarrior4mercenaries.all.to.51.03.01.0017.mtx probably a variant of Win32/StartPage.ENQZNMK trojan
G:\EigeneDats\Eigene Dokumente\Themes - XP\Logon_Loader_2.1.0.zip probably a variant of Win32/Agent.FKDGRUQ trojan
G:\MUFK2010\Backup Set 2011-02-20 093224\Backup Files 2011-02-20 093224\Backup files 281.zip probably a variant of Win32/Agent.FKDGRUQ trojan
I:\PDA\!Android\SD-Backup 2013-Feb\TitaniumBackup\com.outfit7.talkingnewsfree-fb6a42b16abb3d2360d7a4d2c7ba0409.apk.gz a variant of Android/Adware.Youmi.B application
I:\PDA\!Android\SD-Backup 2013-Feb\TitaniumBackup\com.outfit7.tomlovesangelafree-96db594983a7d47179800b9c4f9af21d.apk.gz a variant of Android/Adware.Youmi.B application
R1: Code:
ATTFilter # AdwCleaner v2.202 - Datei am 26/04/2013 um 16:52:39 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Michael - MUFK2010
# Bootmodus : Normal
# Ausgeführt unter : G:\downloads\!Trojanerkiller\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gefunden : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Michael\AppData\Roaming\QuickStoresToolbar
Ordner Gefunden : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ob0cnat2.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3671 octets] - [26/04/2013 16:52:39]
########## EOF - C:\AdwCleaner[R1].txt - [3731 octets] ##########
Code:
ATTFilter # AdwCleaner v2.202 - Datei am 26/04/2013 um 16:54:19 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Michael - MUFK2010
# Bootmodus : Normal
# Ausgeführt unter : G:\downloads\!Trojanerkiller\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Michael\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\ob0cnat2.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3800 octets] - [26/04/2013 16:52:39]
AdwCleaner[S1].txt - [3733 octets] - [26/04/2013 16:54:19]
########## EOF - C:\AdwCleaner[S1].txt - [3793 octets] ##########
Bei diesem Rechner muss ich dazu schreiben, dass hier eine Windows-Neuinstallation fest eingeplant ist. Ich möchte "nur" sichergehen keine Überbleibsel von Schadsoftware mitzunehmen. gibt es aufgrund der Logfiles da Bedenken? |
|
27.04.2013, 17:55
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBot Hallo,
__________________Zitat:
Warum bewahst du offensichtlich illegalen Krempel auf? Das von Fallout zB sieht mir nach nem Crack oder einer gecrackten Version aus.
__________________ |
|
27.04.2013, 19:43
| #3 |
| | Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBot Krempel ja, illegal nein.
__________________Ich kann deine Bedenken verstehen, allerdings sind das keine cracks sondern war/ist ein Programm das Fallout dazu bringen soll mehr als 2gb Ram nutzen zu können oder den Sartupscreen zu ändern ... ich weiss ehrlich gesagt nicht mehr was davon. (dort nach "launcher suchen" : hxxp://fallout3.nexusmods.com/mods/searchresults/?src_cat=59 ) Der XP logon loader war dazu da um den start-screen zu ändern und MechWarrior Merceneraries gibt es als legalen download z.B. von mektek.com Allerdings sind alle Dateien inzwischen entfernt, da alter Krempel und schon lange nicht mehr in Gebrauch... |
|
| Themen zu Des Dramas dritter Teil: Warnung der Telekom vor Zeus/ZBot |
| abuse-team, android/adware.youmi.b, antivir, application.joke, computer, desktop, ebanking, ebay, entfernen, hotspot, installation, internet browser, kunde, launch, logfile, mozilla, netzwerk, plug-in, registrierungsdatenbank, registry, scan, sicherheitsexperten, software, tarma, unterbinden, usb, win32/agent.fkdgruq, win32/startpage.enqznmk, win32/virut.nbp, zeus/zbot warnung von der telekom |
Linear-Darstellung
