"System Care Antivirus" caught (Windows 7)

11.05.2013, 21:39 | #1
"System Care Antivirus" caught

Good evening everyone! It got me yesterday. While I was surfing the Internet, the browser suddenly closed and a program named "System Care Antivirus" installed itself on my machine without asking and from then on blocked every activity. On top of that, the USB hub on my Dell monitor, which the USB keyboard/mouse receiver was plugged into, suddenly disappeared, i.e. I had no keyboard or mouse any more. I searched the web for this problem, which unfortunately a great many people seem to have. The advice online was to enter a registration code in order to activate the program, and then to uninstall it via the Control Panel. I did that and the program is gone. But I am not sure whether that was really the end of it, so I have attached the following logs. I would be very glad if someone could look them over and tell me whether everything is OK with my computer again. Many thanks! Regards, dover

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 11.05.2013 21:52:48 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gott\Downloads 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 83,39% Memory free 15,40 Gb Paging File | 14,04 Gb Available in Paging File | 91,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 8,91 Gb Free Space | 18,29% Space Free | Partition Type: NTFS Drive D: | 97,65 Gb Total Space | 54,73 Gb Free Space | 56,05% Space Free | Partition Type: NTFS Drive E: | 19,53 Gb Total Space | 15,71 Gb Free Space | 80,41% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 14,95 Gb Free Space | 30,62% Space Free | Partition Type: NTFS Drive G: | 97,65 Gb Total Space | 9,72 Gb Free Space | 9,95% Space Free | Partition Type: NTFS Drive H: | 37,57 Gb Total Space | 24,33 Gb Free Space | 64,74% Space Free | Partition Type: NTFS Drive I: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HOMEOFFICE | User Name: Gott | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.11 21:47:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gott\Downloads\OTL.exe PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.11.13 15:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 15:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) 
-- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe PRC - [2012.02.27 04:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.12.05 21:50:38 | 000,292,736 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.12.07 20:16:08 | 000,237,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\MSResource\MSTextResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.12 15:35:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.13 22:01:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 14:33:22 | 050,899,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS) SRV - [2012.01.12 08:24:26 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.06.12 23:00:48 | 000,726,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 04:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 04:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 04:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.01.05 13:36:54 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.04 17:29:54 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys 
-- (TsUsbGD) DRV:64bit: - [2010.11.11 01:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2010.11.11 01:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2010.11.11 01:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2010.05.25 15:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EA DD A7 18 24 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2 FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1 FF - prefs.js..extensions.enabledAddons: 
%7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:6.3.7.117 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: E:\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: E:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.05.10 23:18:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:35:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 15:35:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.03 20:18:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 15:35:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 15:35:28 | 000,000,000 | ---D | M] [2012.08.12 16:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Extensions [2012.08.12 16:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.08 21:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions [2012.08.12 13:43:33 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2012.08.12 13:43:34 | 000,000,000 | ---D | M] (PDF Download) -- 
C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2012.08.12 13:43:32 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions\firefox@tvunetworks.com [2012.08.12 13:43:33 | 000,000,000 | ---D | M] (Paste and Go 3) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions\omiazad@msn.com [2012.08.12 13:43:33 | 000,000,000 | ---D | M] (Real-Debrid - Plugin) -- C:\Users\Gott\AppData\Roaming\mozilla\Firefox\Profiles\bdydd7wf.default\extensions\real@debrid [2013.02.09 22:20:20 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\stealthyextension@gmail.com.xpi [2013.05.06 20:37:12 | 000,534,214 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.29 21:06:04 | 000,009,142 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{94e3aab3-622b-4a0e-8784-f765caefe208}.xpi [2012.12.11 22:08:30 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.08.13 17:08:18 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013.05.08 21:48:34 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.05 20:20:27 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Gott\AppData\Roaming\mozilla\firefox\profiles\bdydd7wf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013.04.12 
15:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 15:35:29 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.19 19:26:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - Extension: Docs = C:\Users\Gott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\Gott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google-Suche = C:\Users\Gott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Logitech SetPoint = C:\Users\Gott\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0\ CHR - Extension: Google Mail = C:\Users\Gott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - 
BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [ApplePhotoStreams] E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] E:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7092B670-5C98-4630-AA14-CA275AFBB301}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (E:\Windows\SysWOW64\MPK\mpk.exe) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.01 21:00:00 | 000,000,052 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{cded4559-e640-11e1-9e29-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cded4559-e640-11e1-9e29-806e6f6e6963}\Shell\AutoRun\command - "" = I:\start.exe -- [2012.11.01 21:00:00 | 000,087,704 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.10 23:45:26 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.10 23:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.05.10 23:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.10 23:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.10 23:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.05.10 23:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.05.10 23:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.05.10 23:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.05.10 23:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2013.05.10 22:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\1CD4CBFCA95BC35F00001CD4AF2DC92E
[2013.04.12 15:35:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.05.11 21:53:29 | 000,023,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 21:53:29 | 000,023,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.11 21:51:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.11 21:51:03 | 1905,102,847 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.11 21:28:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 23:45:59 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.10 23:45:59 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.10 23:45:59 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.10 23:45:59 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.10 23:45:59 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.10 23:45:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.08 21:57:37 | 000,073,461 | ---- | M] () -- C:\Users\Gott\Desktop\4th.jpg
[2013.04.22 17:18:48 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.04.20 15:34:26 | 004,188,606 | ---- | M] () -- C:\Users\Gott\Desktop\DSC_0251.JPG
[2013.04.20 15:34:08 | 003,948,586 | ---- | M] () -- C:\Users\Gott\Desktop\DSC_0250.JPG
[2013.04.19 21:43:42 | 000,097,544 | ---- | M] () -- C:\Users\Gott\Desktop\77th.jpg
[2013.04.13 00:11:16 | 006,901,059 | ---- | M] () -- C:\Users\Gott\Desktop\DSC_0240.jpg
[2013.04.13 00:09:08 | 000,014,336 | ---- | M] () -- C:\Users\Gott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 14:47:27 | 004,962,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013.05.10 23:45:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.05.08 21:57:36 | 000,073,461 | ---- | C] () -- C:\Users\Gott\Desktop\4th.jpg
[2013.04.20 20:24:25 | 004,188,606 | ---- | C] () -- C:\Users\Gott\Desktop\DSC_0251.JPG
[2013.04.20 20:22:18 | 003,948,586 | ---- | C] () -- C:\Users\Gott\Desktop\DSC_0250.JPG
[2013.04.19 21:43:42 | 000,097,544 | ---- | C] () -- C:\Users\Gott\Desktop\77th.jpg
[2013.04.13 00:11:13 | 006,901,059 | ---- | C] () -- C:\Users\Gott\Desktop\DSC_0240.jpg
[2013.04.07 16:37:29 | 000,000,414 | ---- | C] () -- C:\Windows\wininit.ini
[2013.01.07 22:28:35 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2012.12.05 20:43:00 | 000,000,128 | ---- | C] () -- C:\Users\Gott\.screenleap
[2012.09.09 13:36:34 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.16 19:59:31 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Images
[2012.08.16 19:59:31 | 000,000,268 | RH-- | C] () -- C:\Users\Gott\AppData\Roaming\Icons
[2012.08.16 19:59:31 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.08.16 19:59:31 | 000,000,012 | RH-- | C] () -- C:\ProgramData\LaserPrinter
[2012.08.16 19:59:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Importer
[2012.08.16 19:59:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Image Units
[2012.08.16 19:59:10 | 000,000,268 | RH-- | C] () -- C:\Users\Gott\AppData\Roaming\Image Capture
[2012.08.16 19:59:10 | 000,000,268 | RH-- | C] () -- C:\Users\Gott\AppData\Roaming\Hybrid Synthesizers
[2012.08.16 19:59:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.08.16 19:59:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.08.16 19:59:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012.08.16 19:58:57 | 000,000,268 | RH-- | C] () -- C:\Users\Gott\AppData\Roaming\Jazz
[2012.08.16 19:58:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2012.08.16 19:58:57 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic
[2012.08.16 19:58:57 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Keyboard Layouts
[2012.08.15 20:20:34 | 000,014,336 | ---- | C] () -- C:\Users\Gott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.14 20:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.08.11 16:34:42 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.11 16:34:42 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.11 16:34:42 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.11 16:34:42 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.11 16:31:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.08.11 16:31:38 | 000,039,213 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.08.12 13:31:37 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Canneverbe Limited
[2012.10.28 20:47:51 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\FileZilla
[2012.08.20 18:32:31 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\FreePDF
[2013.01.03 10:22:31 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\FRITZ!
[2013.01.03 10:19:58 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.08.12 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\IrfanView
[2012.10.13 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Leadertech
[2013.04.03 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\MyPhoneExplorer
[2012.08.16 20:03:09 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Nikon
[2012.08.12 16:35:43 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Notepad++
[2012.08.23 20:45:29 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\PDAppFlex
[2013.01.02 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\QuickScan
[2012.08.23 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.12.30 00:13:37 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\TeamViewer
[2012.08.12 16:36:28 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\Thunderbird
[2012.11.05 14:22:58 | 000,000,000 | ---D | M] -- C:\Users\Gott\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 11.05.2013 21:52:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gott\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,70 Gb Total Physical Memory | 6,42 Gb Available Physical Memory | 83,39% Memory free
15,40 Gb Paging File | 14,04 Gb Available in Paging File | 91,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 8,91 Gb Free Space | 18,29% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 54,73 Gb Free Space | 56,05% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 15,71 Gb Free Space | 80,41% Space Free | Partition Type: NTFS
Drive F: | 48,83 Gb Total Space | 14,95 Gb Free Space | 30,62% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 9,72 Gb Free Space | 9,95% Space Free | Partition Type: NTFS
Drive H: | 37,57 Gb Total Space | 24,33 Gb Free Space | 64,74% Space Free | Partition Type: NTFS
Drive I: | 549,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: HOMEOFFICE | User Name: Gott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\Adobe PS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\Adobe PS6\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1252ED6E-E051-40BD-84CE-9D37F73E24A1}" = lport=137 | protocol=17 | dir=in | app=system |
"{141065C6-E34F-4F8E-9067-5006C68C8DBE}" = lport=139 | protocol=6 | dir=in | app=system |
"{44EACCDF-B4ED-428B-84E9-E047ECB79CDC}" = rport=139 | protocol=6 | dir=out | app=system |
"{4EDE3415-DAB3-4D2C-9BF0-69641AB844BD}" = lport=445 | protocol=6 | dir=in | app=system |
"{752132E2-CEC2-4F4E-A5BD-E427FC4E87A8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A33C82E7-8FA0-43AC-BA19-75BFB63E6465}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6E62288-CFE2-4203-9A7A-FAFE2352E676}" = lport=138 | protocol=17 | dir=in | app=system |
"{BECBEB3C-E79C-4E6C-A495-7419B389E02D}" = rport=445 | protocol=6 | dir=out | app=system |
"{CD92877D-B899-4E16-9CAC-707AF6E43DDB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E02076D1-C5F9-4338-ADC4-12A665817F31}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA57B991-52F7-403E-85C3-4826877AF340}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD4B0D72-6FD5-4E95-97DD-5F8F86C3A4A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031DB4CF-F931-4AA8-AC1D-7AACFB16DF37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0339D99D-B70C-4A5A-BCB4-B3DC68581B52}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{168EB6FC-E495-4C98-A338-D16AD91E6A4F}" = protocol=17 | dir=in | app=e:\program files (x86)\winamp\winamp.exe |
"{1BA30AE4-7610-4D4C-80F0-C1A7E7CBE040}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1C2A68CE-708E-44A8-86BA-1F9355D6CCFC}" = protocol=6 | dir=in | app=e:\bin\javaw.exe |
"{1D8F990E-E291-4ED0-8072-F3D25A1636F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2270FD02-900E-445C-8E2F-66BCD8CD0399}" = dir=in | app=e:\windows\syswow64\mpk\mpkview.exe |
"{355C2A58-3F6C-4D96-9EE2-5F1F474025C1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{4F97884B-7A1F-4FE9-9A3D-ADD02EDAD4BE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{611063A2-8F0F-46CC-885B-0AD3C334628C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6751BF4E-9874-495B-87DF-A634FB290A42}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{68733ED8-A7FB-4B3F-A107-8C671818C9C6}" = protocol=17 | dir=in | app=e:\bin\javaw.exe |
"{98FF4C1A-3ED7-46BA-A921-E6C9F358E975}" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"{9B5909CD-714F-4801-87CA-7588647D00C6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A711350A-5CEB-437B-BF92-862DC093E745}" = protocol=6 | dir=in | app=e:\program files (x86)\winamp\winamp.exe |
"{D08C2FAE-62B1-4ECE-AFCB-6AB31F05D341}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{DE6F0FF6-B388-4BA1-B356-2BEC8F82547E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E439E067-DA10-4DED-B0E8-A9714C6E42E3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{E597A9B0-EDAC-42AC-881D-05E58FA4E899}" = protocol=6 | dir=in | app=e:\program files\microsoft office\office14\groove.exe |
"{E59E5D44-7E7D-47EF-8062-74FF3A1CBF85}" = protocol=17 | dir=in | app=e:\program files\microsoft office\office14\groove.exe |
"{F011A118-ABFD-4257-8A45-C521B4B714BA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{F5A77004-F4EE-49A7-8131-DA5AE87F9C36}" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"{F844195C-929A-4DA0-8834-6157EC0AF941}" = dir=in | app=e:\windows\syswow64\mpk\mpk.exe |
"TCP Query User{11628B86-3CBE-4807-B0E6-FB4D23D9A908}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{15DF20BE-305C-4A9A-AC15-5D95450DB62D}E:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\program files (x86)\winamp\winamp.exe |
"TCP Query User{28ED28E9-443E-4D6A-84FA-8F1851FE036D}D:\program files (x86)\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bin\java.exe |
"TCP Query User{297572C7-EC4C-4B07-814C-A76603A6A07F}E:\program files\java\bin\javaw.exe" = protocol=6 | dir=in | app=e:\program files\java\bin\javaw.exe |
"TCP Query User{2DAEFBA0-FE30-48B8-BB50-B4F375A9C8C3}C:\program files (x86)\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe |
"TCP Query User{6118638D-978E-4D51-AE32-2E9D9E8A3403}C:\users\gott\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\gott\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"TCP Query User{83C8BD0F-743A-4719-9ED7-4564AED646BD}E:\bin\javaw.exe" = protocol=6 | dir=in | app=e:\bin\javaw.exe |
"TCP Query User{99D38C17-956E-446F-8F85-72E0C0F25230}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{9AAE017A-9659-43DD-8A03-2899B02A9E95}E:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{13B73318-8B9F-4D91-BC24-670107065D17}D:\program files (x86)\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bin\java.exe |
"UDP Query User{26D5E35A-6C5E-4682-B1AA-D47B36BDC27B}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{72B6DFF0-4CC4-44CE-B561-ED63B990FABC}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{8436943D-3389-4A57-BC9E-7B3AC389E0D2}C:\program files (x86)\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!\frifax32.exe |
"UDP Query User{AA808853-786D-412E-A0DF-048F2DBB70C0}C:\users\gott\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\gott\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{C0104B9C-AF92-4762-8B9D-BFFDB2CF0A95}E:\bin\javaw.exe" = protocol=17 | dir=in | app=e:\bin\javaw.exe |
"UDP Query User{C8FCA213-4C2D-4F41-BE30-0218947BEB1D}E:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\program files (x86)\jdownloader\jre\bin\javaw.exe |
"UDP Query User{D6891147-AAD0-423E-86CC-EE81235820DA}E:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\program files (x86)\winamp\winamp.exe |
"UDP Query User{D728157C-7A64-4B36-9DA9-5D6B0BE7355D}E:\program files\java\bin\javaw.exe" = protocol=17 | dir=in | app=e:\program files\java\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.2.4902 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GPL Ghostscript 9.06" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.52
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D6506521-0959-4FA3-875F-E2E28830B0D2}" = NEF Codec "{DAC69A3A-89E6-4B70-B486-B974C2C95BE9}" = HD Writer AE 4.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "FileZilla Client" = FileZilla Client 3.5.3 "FreePDF_XP" = FreePDF (Remove only) 
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box "InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan "IrfanView" = IrfanView (remove only) "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Notepad++" = Notepad++ "PS3 Media Server" = PS3 Media Server "TeamViewer 8" = TeamViewer 8 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.5.3 "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.05.2013 16:32:17 | Computer Name = HomeOffice | Source = WinMgmt | ID = 10 Description = Error - 10.05.2013 17:26:25 | Computer Name = HomeOffice | Source = WinMgmt | ID = 10 Description = Error - 10.05.2013 17:40:08 | Computer Name = HomeOffice | Source = WinMgmt | ID = 10 Description = Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswMonFlt. System Error: Das System kann die angegebene Datei nicht finden. . Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswVmm. System Error: Das System kann die angegebene Datei nicht finden. . 
Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary avast! Network Shield Support. System Error: Das System kann die angegebene Datei nicht finden. . Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary AswRdr. System Error: Das System kann die angegebene Datei nicht finden. . Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswSP. System Error: Das System kann die angegebene Datei nicht finden. . Error - 11.05.2013 15:45:01 | Computer Name = HomeOffice | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary aswFsBlk. System Error: Das System kann die angegebene Datei nicht finden. . Error - 11.05.2013 15:51:25 | Computer Name = HomeOffice | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 24.11.2012 15:01:19 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 20:01:19 - Fehler beim Herstellen der Internetverbindung. 20:01:19 - Serververbindung konnte nicht hergestellt werden.. Error - 24.11.2012 15:01:52 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 20:01:48 - Fehler beim Herstellen der Internetverbindung. 
20:01:48 - Serververbindung konnte nicht hergestellt werden.. Error - 25.11.2012 14:27:36 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 19:27:36 - Fehler beim Herstellen der Internetverbindung. 19:27:36 - Serververbindung konnte nicht hergestellt werden.. Error - 25.11.2012 14:28:10 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 19:28:05 - Fehler beim Herstellen der Internetverbindung. 19:28:05 - Serververbindung konnte nicht hergestellt werden.. Error - 24.12.2012 10:23:46 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 15:23:46 - Fehler beim Herstellen der Internetverbindung. 15:23:46 - Serververbindung konnte nicht hergestellt werden.. Error - 24.12.2012 10:24:19 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 15:24:15 - Fehler beim Herstellen der Internetverbindung. 15:24:15 - Serververbindung konnte nicht hergestellt werden.. Error - 30.12.2012 14:41:04 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 19:41:04 - Fehler beim Herstellen der Internetverbindung. 19:41:04 - Serververbindung konnte nicht hergestellt werden.. Error - 30.12.2012 14:41:42 | Computer Name = HomeOffice | Source = MCUpdate | ID = 0 Description = 19:41:33 - Fehler beim Herstellen der Internetverbindung. 19:41:33 - Serververbindung konnte nicht hergestellt werden.. 
[ Spybot - Search and Destroy Events ]
Error - 02.01.2013 17:34:17 | Computer Name = HomeOffice | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 07.04.2013 10:37:30 | Computer Name = HomeOffice | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 08.04.2013 02:49:57 | Computer Name = HomeOffice | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 10.05.2013 16:30:03 | Computer Name = HomeOffice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.05.2013 16:30:03 | Computer Name = HomeOffice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.05.2013 16:30:05 | Computer Name = HomeOffice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.05.2013 16:30:05 | Computer Name = HomeOffice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.05.2013 16:30:05 | Computer Name = HomeOffice | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.05.2013 16:32:01 | Computer Name = HomeOffice | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?05.?2013 um 22:30:49 unerwartet heruntergefahren.

Error - 10.05.2013 17:27:33 | Computer Name = HomeOffice | Source = DCOM | ID = 10010
Description =

Error - 10.05.2013 17:32:12 | Computer Name = HomeOffice | Source = DCOM | ID = 10010
Description =

Error - 11.05.2013 04:13:14 | Computer Name = HomeOffice | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 11.05.2013 04:21:38 | Computer Name = HomeOffice | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

< End of report >

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-11 22:18:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST3250410AS rev.3.AAC 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gott\AppData\Local\Temp\uxliraow.sys

---- User code sections - GMER 2.1 ----

.text E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076361465 2 bytes [36, 76]
.text E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1612] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000763614bb 2 bytes [36, 76]
.text ... * 2
.text E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076361465 2 bytes [36, 76]
.text E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763614bb 2 bytes [36, 76]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1424:2340] 000007fef7ef9688

---- EOF - GMER 2.1 ----
11.05.2013, 22:32 | #2 |
/// TB-Ausbilder | "System Care Antivirus" caught
!! Note to readers !! This thread and its instructions are intended for this specific case only. They could severely damage other computers. Please open your own thread.
I will help you with your problem. The cleanup only works if you follow these rules: Please read: Rules for the cleanup
Scan with Combofix
__________________
11.05.2013, 23:10 | #3 |
"System Care Antivirus" caught
Hi ryler!
First of all, many thanks for your effort! Here, as requested, the ComboFix log:
Code:
ATTFilter ComboFix 13-05-11.01 - Gott 12.05.2013 0:04:20.2.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.7884.6275 [GMT 2:00] ausgeführt von:: C:\Users\Gott\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt ((((((((((((((((((((((( Dateien erstellt von 2013-04-11 bis 2013-05-11 )))))))))))))))))))))))))))))) 2013-05-11 22:06:49 . 2013-05-11 22:06:49 -------- d-----w- C:\Users\Jasmin\AppData\Local\temp 2013-05-11 22:06:49 . 2013-05-11 22:06:49 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-05-10 21:45:26 . 2013-05-09 08:58:11 287840 ----a-w- C:\Windows\system32\aswBoot.exe 2013-05-10 21:45:09 . 2013-05-10 21:45:09 -------- d-----w- C:\Program Files\AVAST Software 2013-05-10 21:43:25 . 2013-05-11 19:51:02 -------- d-----w- C:\ProgramData\AVAST Software 2013-05-10 21:18:48 . 2013-05-10 21:18:48 -------- d-----w- C:\Users\Jasmin\AppData\Roaming\Leadertech 2013-05-10 21:18:44 . 2013-05-10 21:18:44 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-05-10 21:18:44 . 2013-05-10 21:18:44 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-05-10 21:18:04 . 2013-05-10 21:18:04 -------- d-----w- C:\ProgramData\Logitech 2013-05-10 21:17:59 . 2013-05-10 21:17:59 -------- d-----w- C:\Program Files\Logitech 2013-05-10 21:17:53 . 2013-05-10 21:18:32 -------- d-----w- C:\Program Files\Common Files\LogiShrd 2013-05-10 21:17:32 . 2013-05-10 21:17:32 -------- d-----w- C:\Users\Jasmin\AppData\Roaming\Logishrd 2013-05-10 21:01:32 . 2013-05-10 21:12:02 -------- d-----w- C:\Users\Jasmin\AppData\Roaming\QuickScan 2013-05-10 20:13:39 . 2013-05-10 21:38:22 -------- d-----w- C:\ProgramData\1CD4CBFCA95BC35F00001CD4AF2DC92E 2013-05-10 19:23:15 . 2013-04-10 03:46:09 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8BC3D33-F9D3-4CE2-AD1D-7366D1811C33}\mpengine.dll 2013-04-24 16:54:47 . 
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys 2013-04-15 10:58:27 . 2013-04-15 10:58:29 -------- d-----w- C:\Users\Jasmin\AppData\Roaming\Apple Computer . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-05-10 21:18:29 . 2012-10-13 19:56:56 18960 ----a-w- C:\Windows\system32\drivers\LNonPnP.sys 2013-05-02 00:06:08 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe 2013-04-11 21:38:06 . 2012-08-13 17:40:44 72702784 ----a-w- C:\Windows\system32\MRT.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 97280 ----a-w- C:\Windows\system32\mshtmled.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 92160 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 905728 ----a-w- C:\Windows\system32\mshtmlmedia.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 81408 ----a-w- C:\Windows\system32\icardie.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 77312 ----a-w- C:\Windows\system32\tdc.ocx 2013-04-05 21:16:51 . 2013-04-05 21:16:51 762368 ----a-w- C:\Windows\system32\ieapfltr.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 73728 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 62976 ----a-w- C:\Windows\system32\pngfilt.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 61952 ----a-w- C:\Windows\SysWow64\tdc.ocx 2013-04-05 21:16:51 . 2013-04-05 21:16:51 599552 ----a-w- C:\Windows\system32\vbscript.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 523264 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 52224 ----a-w- C:\Windows\system32\msfeedsbs.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 51200 ----a-w- C:\Windows\system32\imgutil.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll 2013-04-05 21:16:51 . 
2013-04-05 21:16:51 48640 ----a-w- C:\Windows\system32\mshtmler.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 452096 ----a-w- C:\Windows\system32\dxtmsft.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 441856 ----a-w- C:\Windows\system32\html.iec 2013-04-05 21:16:51 . 2013-04-05 21:16:51 38400 ----a-w- C:\Windows\SysWow64\imgutil.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 361984 ----a-w- C:\Windows\SysWow64\html.iec 2013-04-05 21:16:51 . 2013-04-05 21:16:51 281600 ----a-w- C:\Windows\system32\dxtrans.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 27648 ----a-w- C:\Windows\system32\licmgr10.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 270848 ----a-w- C:\Windows\system32\iedkcs32.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 247296 ----a-w- C:\Windows\system32\webcheck.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 235008 ----a-w- C:\Windows\system32\url.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 23040 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 226304 ----a-w- C:\Windows\system32\elshyph.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 216064 ----a-w- C:\Windows\system32\msls31.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 197120 ----a-w- C:\Windows\system32\msrating.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 173568 ----a-w- C:\Windows\system32\ieUnatt.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 167424 ----a-w- C:\Windows\system32\iexpress.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 158720 ----a-w- C:\Windows\SysWow64\msls31.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 1509376 ----a-w- C:\Windows\system32\inetcpl.cpl 2013-04-05 21:16:51 . 2013-04-05 21:16:51 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 149504 ----a-w- C:\Windows\system32\occache.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 144896 ----a-w- C:\Windows\system32\wextract.exe 2013-04-05 21:16:51 . 
2013-04-05 21:16:51 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-04-05 21:16:51 . 2013-04-05 21:16:51 1400416 ----a-w- C:\Windows\system32\ieapfltr.dat 2013-04-05 21:16:51 . 2013-04-05 21:16:51 138752 ----a-w- C:\Windows\SysWow64\wextract.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 13824 ----a-w- C:\Windows\system32\mshta.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 137216 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 136192 ----a-w- C:\Windows\system32\iepeers.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 135680 ----a-w- C:\Windows\system32\IEAdvpack.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 12800 ----a-w- C:\Windows\SysWow64\mshta.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 12800 ----a-w- C:\Windows\system32\msfeedssync.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll 2013-04-05 21:16:51 . 2013-04-05 21:16:51 1054720 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe 2013-04-05 21:16:51 . 2013-04-05 21:16:51 102912 ----a-w- C:\Windows\system32\inseng.dll 2013-03-19 06:04:06 . 2013-04-11 14:16:32 5550424 ----a-w- C:\Windows\system32\ntoskrnl.exe 2013-03-19 05:46:56 . 2013-04-11 14:16:31 43520 ----a-w- C:\Windows\system32\csrsrv.dll 2013-03-19 05:04:13 . 2013-04-11 14:16:31 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 . 2013-04-11 14:16:31 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 . 2013-04-11 14:16:31 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 . 2013-04-11 14:16:31 112640 ----a-w- C:\Windows\system32\smss.exe 2013-03-13 20:01:23 . 2012-08-11 14:46:32 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 20:01:23 . 2012-08-11 14:46:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-09 20:34:28 . 2012-09-03 18:21:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-09 20:34:28 . 
2012-08-14 13:20:12 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-09 20:34:28 . 2012-08-14 13:20:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-01 03:36:04 . 2013-04-11 14:16:34 3153408 ----a-w- C:\Windows\system32\win32k.sys 2013-02-21 10:30:16 . 2013-04-11 21:37:28 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-21 10:29:39 . 2013-04-11 21:37:28 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-21 10:29:37 . 2013-04-11 21:37:30 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-02-21 10:29:37 . 2013-04-11 21:37:30 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-02-21 10:15:22 . 2013-04-11 21:37:31 51712 ----a-w- C:\Windows\system32\ie4uinit.exe 2013-02-21 10:15:07 . 2013-04-11 21:37:28 2240512 ----a-w- C:\Windows\system32\wininet.dll 2013-02-21 10:14:59 . 2013-04-11 21:37:29 1365504 ----a-w- C:\Windows\system32\urlmon.dll 2013-02-21 10:14:24 . 2013-04-11 21:37:25 19230208 ----a-w- C:\Windows\system32\mshtml.dll 2013-02-21 10:14:21 . 2013-04-11 21:37:30 603136 ----a-w- C:\Windows\system32\msfeeds.dll 2013-02-21 10:14:09 . 2013-04-11 21:37:29 3958784 ----a-w- C:\Windows\system32\jscript9.dll 2013-02-21 10:14:09 . 2013-04-11 21:37:28 53248 ----a-w- C:\Windows\system32\jsproxy.dll 2013-02-21 10:14:08 . 2013-04-11 21:37:29 855552 ----a-w- C:\Windows\system32\jscript.dll 2013-02-21 10:14:05 . 2013-04-11 21:37:31 526336 ----a-w- C:\Windows\system32\ieui.dll 2013-02-21 10:14:05 . 2013-04-11 21:37:30 67072 ----a-w- C:\Windows\system32\iesetup.dll 2013-02-21 10:14:05 . 2013-04-11 21:37:30 2647040 ----a-w- C:\Windows\system32\iertutil.dll 2013-02-21 10:14:05 . 2013-04-11 21:37:30 136704 ----a-w- C:\Windows\system32\iesysprep.dll 2013-02-21 10:14:04 . 2013-04-11 21:37:30 39936 ----a-w- C:\Windows\system32\iernonce.dll 2013-02-21 10:14:04 . 2013-04-11 21:37:27 15404544 ----a-w- C:\Windows\system32\ieframe.dll 2013-02-19 12:01:03 . 2013-04-11 21:37:31 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-19 11:42:14 . 
2013-04-11 21:37:31 2706432 ----a-w- C:\Windows\system32\mshtml.tlb 2013-02-19 11:10:53 . 2013-04-11 21:37:30 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51:18 . 2013-04-11 21:37:30 89600 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe 2013-02-15 06:08:40 . 2013-04-11 14:16:41 44032 ----a-w- C:\Windows\system32\tsgqec.dll 2013-02-15 06:06:11 . 2013-04-11 14:16:41 3717632 ----a-w- C:\Windows\system32\mstscax.dll 2013-02-15 06:02:26 . 2013-04-11 14:16:41 158720 ----a-w- C:\Windows\system32\aaclient.dll 2013-02-15 04:37:10 . 2013-04-11 14:16:41 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll 2013-02-15 04:34:10 . 2013-04-11 14:16:41 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll 2013-02-15 03:25:51 . 2013-04-11 14:16:41 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll 2013-02-12 05:45:24 . 2013-03-14 12:06:10 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 . 2013-03-14 12:06:10 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 . 2013-03-14 12:06:10 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 . 2013-03-14 12:06:10 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 . 2013-03-14 12:06:10 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 . 2013-03-14 12:06:10 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-12 04:12:05 . 2013-03-20 19:56:15 19968 ----a-w- C:\Windows\system32\drivers\usb8023.sys (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584] "ApplePhotoStreams"="E:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 15:14:14 59872] "iCloudServices"="E:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 14:48:14 59872] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 02:01:56 291608] "FreePDF Assistant"="C:\Program Files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 20:19:22 371200] "SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352] "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848] "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 12:13:16 59280] C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . 
Produktregistrierung.lnk - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ HD Writer.lnk - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2013-1-4 292736] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [2010-05-25 13:59:24 36328] R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 03:23:48 71168] R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 19:20:56 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-21 03:24:43 20992] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 01:21:02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 01:21:02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys 
[2011-05-13 01:21:04 177640] R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096] R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [2010-11-21 03:23:48 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [2010-11-21 03:23:48 34816] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232] R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 03:23:48 117248] R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 02:01:00 16152] S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2011-10-04 15:29:54 55952] S2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 17:53:38 202296] S2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 15:30:43 3560288] S3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 19:23:08 331264] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 02:01:00 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 02:01:00 788760] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 21:00:48 726160] --- Andere Dienste/Treiber im Speicher --- *NewlyCreated* - WS2IFSL Inhalt des "geplante Tasks" Ordners 2013-05-11 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 14:46:32 . 
2013-03-13 20:01:23] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-01-12 06:24:22 170264] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-01-12 06:24:10 398104] "Persistence"="C:\Windows\system32\igfxpers.exe" [2012-01-12 06:24:14 440600] "EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 02:41:42 2991856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache ------- Zusätzlicher Suchlauf ------- uLocal Page = C:\Windows\system32\blank.htm mLocal Page = C:\Windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xcel exportieren - E:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - C:\Users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\bdydd7wf.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-05-10 23:18; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 - - - - Entfernte verwaiste Registrierungseinträge - - - - AddRemove-FRITZ! 
2.0 - C:\Windows\IsUn0407.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe 
AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe |
11.05.2013, 23:58 | #4
/// TB-Ausbilder | "System Care Antivirus" caught Hi. No problem. Next time please post the COMPLETE logfile. Combofix script
__________________ Digital privateers against malware! No help via PM!
12.05.2013, 06:44 | #5
"System Care Antivirus" caught Hi ryder! I did it as described. Here is the log file: Code:
ATTFilter ComboFix 13-05-11.01 - Gott 12.05.2013 7:34.3.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.7884.6101 [GMT 2:00] ausgeführt von:: c:\users\Gott\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Gott\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-12 bis 2013-05-12 )))))))))))))))))))))))))))))) . . 2013-05-12 05:39 . 2013-05-12 05:39 -------- d-----w- c:\users\Jasmin\AppData\Local\temp 2013-05-12 05:39 . 2013-05-12 05:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 21:45 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-10 21:45 . 2013-05-10 21:45 -------- d-----w- c:\program files\AVAST Software 2013-05-10 21:43 . 2013-05-11 19:51 -------- d-----w- c:\programdata\AVAST Software 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\users\Jasmin\AppData\Roaming\Leadertech 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\programdata\Logitech 2013-05-10 21:17 . 2013-05-10 21:17 -------- d-----w- c:\program files\Logitech 2013-05-10 21:17 . 2013-05-10 21:18 -------- d-----w- c:\program files\Common Files\LogiShrd 2013-05-10 21:17 . 2013-05-10 21:17 -------- d-----w- c:\users\Jasmin\AppData\Roaming\Logishrd 2013-05-10 21:01 . 2013-05-10 21:12 -------- d-----w- c:\users\Jasmin\AppData\Roaming\QuickScan 2013-05-10 20:13 . 2013-05-10 21:38 -------- d-----w- c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E 2013-05-10 19:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8BC3D33-F9D3-4CE2-AD1D-7366D1811C33}\mpengine.dll 2013-04-24 16:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-15 10:58 . 
2013-04-15 10:58 -------- d-----w- c:\users\Jasmin\AppData\Roaming\Apple Computer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-10 21:18 . 2012-10-13 19:56 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-11 21:38 . 2012-08-13 17:40 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-04-05 21:16 . 2013-04-05 21:16 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-05 21:16 . 2013-04-05 21:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-05 21:16 . 2013-04-05 21:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-05 21:16 . 2013-04-05 21:16 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-05 21:16 . 2013-04-05 21:16 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-05 21:16 . 2013-04-05 21:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-05 21:16 . 2013-04-05 21:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-05 21:16 . 2013-04-05 21:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-05 21:16 . 2013-04-05 21:16 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-05 21:16 . 2013-04-05 21:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-05 21:16 . 2013-04-05 21:16 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-05 21:16 . 2013-04-05 21:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-05 21:16 . 2013-04-05 21:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-05 21:16 . 2013-04-05 21:16 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-05 21:16 . 2013-04-05 21:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-05 21:16 . 2013-04-05 21:16 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-05 21:16 . 2013-04-05 21:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-05 21:16 . 
2013-04-05 21:16 441856 ----a-w- c:\windows\system32\html.iec 2013-04-05 21:16 . 2013-04-05 21:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-05 21:16 . 2013-04-05 21:16 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-05 21:16 . 2013-04-05 21:16 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-05 21:16 . 2013-04-05 21:16 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-05 21:16 . 2013-04-05 21:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-05 21:16 . 2013-04-05 21:16 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-05 21:16 . 2013-04-05 21:16 235008 ----a-w- c:\windows\system32\url.dll 2013-04-05 21:16 . 2013-04-05 21:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-05 21:16 . 2013-04-05 21:16 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-05 21:16 . 2013-04-05 21:16 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-05 21:16 . 2013-04-05 21:16 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-05 21:16 . 2013-04-05 21:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-05 21:16 . 2013-04-05 21:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-05 21:16 . 2013-04-05 21:16 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-05 21:16 . 2013-04-05 21:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-05 21:16 . 2013-04-05 21:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-05 21:16 . 2013-04-05 21:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-05 21:16 . 2013-04-05 21:16 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-05 21:16 . 2013-04-05 21:16 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-05 21:16 . 2013-04-05 21:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-05 21:16 . 2013-04-05 21:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-05 21:16 . 2013-04-05 21:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-05 21:16 . 
2013-04-05 21:16 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-05 21:16 . 2013-04-05 21:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-05 21:16 . 2013-04-05 21:16 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-05 21:16 . 2013-04-05 21:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-05 21:16 . 2013-04-05 21:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-05 21:16 . 2013-04-05 21:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-05 21:16 . 2013-04-05 21:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-05 21:16 . 2013-04-05 21:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-05 21:16 . 2013-04-05 21:16 102912 ----a-w- c:\windows\system32\inseng.dll 2013-03-19 06:04 . 2013-04-11 14:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-11 14:16 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-11 14:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-11 14:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-11 14:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-11 14:16 112640 ----a-w- c:\windows\system32\smss.exe 2013-03-13 20:01 . 2012-08-11 14:46 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 20:01 . 2012-08-11 14:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-09 20:34 . 2012-09-03 18:21 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-09 20:34 . 2012-08-14 13:20 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-09 20:34 . 2012-08-14 13:20 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-01 03:36 . 2013-04-11 14:16 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-21 10:30 . 2013-04-11 21:37 1766912 ----a-w- c:\windows\SysWow64\wininet.dll 2013-02-21 10:29 . 2013-04-11 21:37 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-02-21 10:29 . 
2013-04-11 21:37 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-02-21 10:29 . 2013-04-11 21:37 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-02-21 10:15 . 2013-04-11 21:37 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-02-21 10:15 . 2013-04-11 21:37 2240512 ----a-w- c:\windows\system32\wininet.dll 2013-02-21 10:14 . 2013-04-11 21:37 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-02-21 10:14 . 2013-04-11 21:37 19230208 ----a-w- c:\windows\system32\mshtml.dll 2013-02-21 10:14 . 2013-04-11 21:37 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-02-21 10:14 . 2013-04-11 21:37 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-02-21 10:14 . 2013-04-11 21:37 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-02-21 10:14 . 2013-04-11 21:37 855552 ----a-w- c:\windows\system32\jscript.dll 2013-02-21 10:14 . 2013-04-11 21:37 526336 ----a-w- c:\windows\system32\ieui.dll 2013-02-21 10:14 . 2013-04-11 21:37 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-02-21 10:14 . 2013-04-11 21:37 2647040 ----a-w- c:\windows\system32\iertutil.dll 2013-02-21 10:14 . 2013-04-11 21:37 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-21 10:14 . 2013-04-11 21:37 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-02-21 10:14 . 2013-04-11 21:37 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-02-19 12:01 . 2013-04-11 21:37 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-19 11:42 . 2013-04-11 21:37 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-19 11:10 . 2013-04-11 21:37 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-02-19 10:51 . 2013-04-11 21:37 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-15 06:08 . 2013-04-11 14:16 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-02-15 06:06 . 2013-04-11 14:16 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-02-15 06:02 . 2013-04-11 14:16 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-02-15 04:37 . 
2013-04-11 14:16 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-02-15 04:34 . 2013-04-11 14:16 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-02-15 03:25 . 2013-04-11 14:16 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-02-12 05:45 . 2013-03-14 12:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 12:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-14 12:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 12:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-14 12:06 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 12:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 04:12 . 2013-03-20 19:56 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E ---- . 2013-05-10 20:20 . 2013-05-10 21:34 6048 ----a-w- c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E\1CD4CBFCA95BC35F00001CD4AF2DC92E 2013-05-10 20:13 . 2013-05-10 20:13 9662 ----a-w- c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E\1CD4CBFCA95BC35F00001CD4AF2DC92E.ico . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "ApplePhotoStreams"="e:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872] "iCloudServices"="e:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608] "FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] . c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2013-1-4 292736] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-05-25 36328] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-10-04 55952] S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 
[2013-03-06 3560288] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160] . . Inhalt des "geplante Tasks" Ordners . 2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 20:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-12 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-12 398104] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-12 440600] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xcel exportieren - e:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Gott\AppData\Roaming\Mozilla\Firefox\Profiles\bdydd7wf.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-05-10 23:18; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2604121 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656368v2 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656405 - 
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2686827 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2729449 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2736428 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2737019 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2742595 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2789642 - c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-12 07:40:12 ComboFix-quarantined-files.txt 2013-05-12 05:40 ComboFix2.txt 2013-05-11 21:59 . Vor Suchlauf: 9.671.876.608 Bytes frei Nach Suchlauf: 9.470.955.520 Bytes frei . - - End Of File - - AB526D1CAD7D8BF1340CCC0A99A86F01 |
12.05.2013, 10:00 | #6
/// TB-Ausbilder | "System Care Antivirus" caught My suspicion was right; let's get rid of that: Combofix script
__________________ --> "System Care Antivirus" caught
12.05.2013, 12:45 | #7
"System Care Antivirus" caught Hi ryder! Thanks again for your effort! May I ask what you suspected correctly? Here is the current log. Regards Code:
ATTFilter ComboFix 13-05-12.01 - Gott 12.05.2013 13:36:52.4.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.7884.6090 [GMT 2:00] ausgeführt von:: c:\users\Gott\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Gott\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E\1CD4CBFCA95BC35F00001CD4AF2DC92E c:\programdata\1CD4CBFCA95BC35F00001CD4AF2DC92E\1CD4CBFCA95BC35F00001CD4AF2DC92E.ico . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-12 bis 2013-05-12 )))))))))))))))))))))))))))))) . . 2013-05-12 11:39 . 2013-05-12 11:39 -------- d-----w- c:\users\Jasmin\AppData\Local\temp 2013-05-12 11:39 . 2013-05-12 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-10 21:45 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-10 21:45 . 2013-05-10 21:45 -------- d-----w- c:\program files\AVAST Software 2013-05-10 21:43 . 2013-05-11 19:51 -------- d-----w- c:\programdata\AVAST Software 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\users\Jasmin\AppData\Roaming\Leadertech 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\programdata\Kaspersky Lab 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-05-10 21:18 . 2013-05-10 21:18 -------- d-----w- c:\programdata\Logitech 2013-05-10 21:17 . 2013-05-10 21:17 -------- d-----w- c:\program files\Logitech 2013-05-10 21:17 . 2013-05-10 21:18 -------- d-----w- c:\program files\Common Files\LogiShrd 2013-05-10 21:17 . 2013-05-10 21:17 -------- d-----w- c:\users\Jasmin\AppData\Roaming\Logishrd 2013-05-10 21:01 . 2013-05-10 21:12 -------- d-----w- c:\users\Jasmin\AppData\Roaming\QuickScan 2013-05-10 19:23 . 
12.05.2013, 12:55 | #8 |
/// TB-Ausbilder | "System Care Antivirus" caught
Well, so that was the culprit. Before we go on: does the problem still exist?
__________________ Digital privateers against malware! No help via PM! |
12.05.2013, 13:15 | #9 |
| No, the problem no longer exists. As I described in my first post, the program was gone after I entered an activation code found on the net and then uninstalled it via Control Panel - Programs. But I read on the net that this thing supposedly nests itself deep in the system and reappears at some point. I also read that you absolutely have to reinstall the computer, which is why I looked for help here on the board to avoid that step. As it looks, thanks to your help, it works without a reinstall too. |
12.05.2013, 13:21 | #10 |
/// TB-Ausbilder | I just wanted to make sure that no further symptoms had been seen. Good! As far as I can see, we have removed everything malicious with that. To be certain, we now need to run a few checks and will then bring your computer up to a secure state. Since these scans can take a very long time, please only write to me again once you have really completed everything or if problems arise.
Step 1: Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
Step 2:
Note: the scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck
Please download SecurityCheck and:
12.05.2013, 15:03 | #11 |
| So, the programs are done. ESET found 5 entries (see logs). Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Gott :: HOMEOFFICE [Administrator]

12.05.2013 14:26:51
mbam-log-2013-05-12 (14-26-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240800
Laufzeit: 2 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b31b420e0c88734c80579e311bf6a10d
# engine=13811
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-12 01:54:59
# local_time=2013-05-12 03:54:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 65037 65037 0 0
# compatibility_mode=5893 16776573 100 94 153104 119996749 0 0
# scanned=204981
# found=5
# cleaned=0
# scan_time=4811
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=166A1CC3CE5C144AD4031FE4B29F70EF4F8263D8 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.AI trojan" ac=I fn="C:\Users\Gott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4317d76b-5a4c692f"
sh=F36A83C657AA459D5E407A2D7CBADDA8E6159328 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jasmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\3d7ed061-310e4268"
sh=27D4ABF9426897D5E3DC2F7AF62B6752C9F00385 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBN trojan" ac=I fn="H:\Neuer Ordner\Neuer Ordner (3)\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\68c854b0-59d6d0d0"
Code:
 Results of screen317's Security Check version 0.99.63
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300
 JavaFX 2.1.1
 Java 7 Update 17
 Java version out of Date!
 Adobe Flash Player 11.6.602.180
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
 Mozilla Thunderbird 15.0. Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
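An added triage helper for ESET Online Scanner logs in the format posted above (informational lines, `#`-prefixed key=value header, then one space-separated key=value record per finding with `vn=` and `fn=` double-quoted); it is example code written for this thread, not code from ESET, Trojaner-Board or any tool used here. The embedded sample is an excerpt of the log posted above with the header trimmed to the fields the helper reads; the `_JAVA_CACHE` classification and the junction-based dedupe are this example's own additions.

```python
"""Triage helper for ESET Online Scanner logs (added example; not code from
ESET, Trojaner-Board or the tools used in this thread).

Log layout, as in the log posted above: informational lines, then '#'-prefixed
key=value header lines, then one record per finding made of space-separated
key=value pairs, where values containing spaces (vn=, fn=) are double-quoted.
"""
import re
from dataclasses import dataclass

# One key=value token: the value is a double-quoted string or a bare word.
_TOKEN = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Java applet / Web Start cache: hits here are downloaded exploit artefacts
# from a drive-by attempt, not an installed, running component.
_JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

# Excerpt of the ESET log posted above: header trimmed to the fields used here,
# the five finding lines copied as posted.
SAMPLE_LOG = r'''
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# remove_checked=false
# archives_checked=true
# scanned=204981
# found=5
# cleaned=0
# scan_time=4811
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll"
sh=166A1CC3CE5C144AD4031FE4B29F70EF4F8263D8 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.AI trojan" ac=I fn="C:\Users\Gott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\4317d76b-5a4c692f"
sh=F36A83C657AA459D5E407A2D7CBADDA8E6159328 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Jasmin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\3d7ed061-310e4268"
sh=27D4ABF9426897D5E3DC2F7AF62B6752C9F00385 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBN trojan" ac=I fn="H:\Neuer Ordner\Neuer Ordner (3)\Nicole\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\68c854b0-59d6d0d0"
'''


@dataclass(frozen=True)
class Finding:
    sha1: str   # sh=  SHA-1 of the flagged file
    name: str   # vn=  ESET detection name
    path: str   # fn=  path on the scanned host

    @property
    def in_java_cache(self) -> bool:
        return _JAVA_CACHE in self.path.lower()


def parse_eset_log(text: str):
    """Return (header, findings): header as a dict, findings as Finding objects."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            key = key.strip()
            if sep and key not in header:       # keys may repeat; keep the first
                header[key] = value.strip()
        elif line.startswith("sh="):
            kv = {k: v.strip('"') for k, v in _TOKEN.findall(line)}
            findings.append(Finding(kv.get("sh", ""), kv.get("vn", ""), kv.get("fn", "")))
    return header, findings


def by_detection(findings):
    """Group the flagged paths under their detection name."""
    groups = {}
    for f in findings:
        groups.setdefault(f.name, []).append(f.path)
    return groups


def triage(text: str) -> dict:
    """Cross-check the header against the body and classify the findings."""
    header, findings = parse_eset_log(text)
    declared = int(header.get("found", "0"))
    return {
        "declared": declared,
        "parsed": len(findings),
        # a mismatch means the pasted log is truncated or was edited
        "consistent": declared == len(findings),
        # C:\Users\All Users is a junction to C:\ProgramData on Windows 7, so one
        # file can be reported twice under two paths; dedupe on SHA-1
        "unique_files": len({f.sha1 for f in findings}),
        "java_cache_hits": sum(f.in_java_cache for f in findings),
        # remove_checked=false is why cleaned=0: the scan ran in report-only mode
        "removal_enabled": header.get("remove_checked") == "true",
        "cleaned": int(header.get("cleaned", "0")),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key:>16}: {value}")
    for name, paths in by_detection(parse_eset_log(SAMPLE_LOG)[1]).items():
        print(f"\n{name}")
        for p in paths:
            print("   ", p)
```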
12.05.2013, 20:36 | #12 |
/// TB-Ausbilder | Good. Run ESET once more and remove the findings. Great! With that we are done. We'll now tidy up a little, and then at the end I have some reading material for you.
Step 1: Uninstall the tools
The order is crucial here.
Step 2: Uninstall ESET (optional)
Step 3: Java update (Windows XP, Vista, 7)
Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.
Step 4: Update for Thunderbird
Finally, a few tips on the following topics:
Reading material: system updates. One cannot stress often enough how important it is to keep your system up to date. You take your car to the workshop for a regular inspection, too. So please make sure that system updates are enabled:
Reading material: software updates. Just as important as the system programs is the software you use every day. The following list gives you a brief overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware often gets onto computers through their security holes:
Reading material: security software. If someone overtook you naked on a motorcycle on the Autobahn, you would shake your head too. Your computer also needs protection against the daily small attacks by pests. Besides excellent commercial antivirus solutions, there are also quite good protection programs available free of charge with a reduced feature set. But be careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that do a good job. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
Reading material: safe surfing. First of all, it has to be said that it is usually the human factor that allows malware onto a computer. Do you immediately buy stuff from people ringing your doorbell, without thinking? So first get used to a few rules of conduct when surfing the internet:
But even with scrupulous adherence to these rules, a so-called drive-by infection can still occur, in which a pest breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser even more.
Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely on the safe side. Basically, you are already considerably safer if you do not use Internet Explorer.
With that I wish you lots of fun surfing the internet ... and perhaps you would like to support the Trojaner-Board? One request: give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
13.05.2013, 20:46 | #13 |
| Hi ryder! Many, many thanks! I'm now done with everything and have no findings of any kind anymore. I've taken your advice and updated everything: Avast virus scanner, Malwarebytes and ESET once a week. Thanks again for the great support, and I'll donate something to the board! regards dover |
13.05.2013, 20:48 | #14 |
/// TB-Ausbilder | Nice that we could help. This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/