| |
| |||||||
Log-Analyse und Auswertung: Elektroshop Wagner , leider geöffnet.............Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.05.2013, 13:24
| #1 |
| |  Elektroshop Wagner , leider geöffnet............. Hallo, auch ich "arbeite" mit oder besser gesagt gegen Elektoshop Wagner..... Ich bin nicht gerade die hellste Kerze auf der Computer-Geburtstagstorte und kenne mich nicht gut aus, deshalb hoffe ich auf Geduld und Formulierungen für Dummies! Also, besagte email erhalten und versucht zu öffnen  .Norton hat mir zwar "irgendetwas" isoliert und entfernt, aber ist jetzt wirlich alles weg? Habe mir OTL runtergeladen und einen quickscan durchgeführt. Als Ergebnis erhielt ich folgende Datei:OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.05.2013 14:04:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Plum\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 32,11% Memory free 3,74 Gb Paging File | 1,75 Gb Available in Paging File | 46,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 34,39 Gb Free Space | 29,53% Space Free | Partition Type: NTFS Drive D: | 116,05 Gb Total Space | 110,73 Gb Free Space | 95,42% Space Free | Partition Type: NTFS Computer Name: PLUM-TOSH | User Name: Plum | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.20 14:02:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Plum\Desktop\OTL.exe PRC - [2013.05.17 16:13:13 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.05.15 13:08:05 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.01.22 12:26:01 | 000,188,192 | ---- | M] () -- C:\Programme\Continental Trading GmbH\AutoStarter\AutoStarter.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.12 17:23:40 | 000,263,784 | ---- | M] (Buyond GmbH) -- C:\Programme\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe PRC - [2012.07.03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe PRC - [2011.09.09 10:19:23 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.06.07 13:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010.05.14 10:32:30 | 001,479,680 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009.08.27 14:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TECO\TecoService.exe PRC - [2009.08.17 11:48:46 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe PRC - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe PRC - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe PRC - [2009.08.06 15:02:02 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe PRC - [2009.08.05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2009.08.05 15:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe PRC - [2009.08.03 18:16:50 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe PRC - [2009.08.03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe PRC - [2009.07.28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe PRC - [2009.07.21 22:40:40 | 000,083,336 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe PRC - [2009.07.14 03:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007.02.09 09:36:36 | 000,221,184 | ---- | M] (T-Com) -- C:\Programme\T-Home\Eumex 800 V1.30\ControlCenter.exe ========== Modules (No Company Name) ========== MOD - [2013.05.17 16:13:11 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.05.15 13:08:04 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.01.22 12:26:01 | 000,188,192 | ---- | M] () -- C:\Programme\Continental Trading GmbH\AutoStarter\AutoStarter.exe MOD - [2012.06.15 14:40:05 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll MOD - [2012.06.15 14:39:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.15 14:38:50 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.15 11:22:20 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.15 11:22:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.15 11:22:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.15 11:21:34 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.09.07 13:12:28 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2009.08.03 18:17:24 | 000,079,192 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll MOD - [2009.07.29 16:35:38 | 000,014,648 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll MOD - [2009.07.16 16:27:48 | 000,052,536 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\Hotkey\FnZ.dll MOD - [2009.07.16 16:27:44 | 007,263,544 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\BlackPng.dll MOD - [2009.06.22 15:38:40 | 000,015,160 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll MOD - [2009.03.12 20:08:04 | 000,049,152 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll MOD - [2008.08.12 11:16:16 | 002,023,424 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008.07.29 14:47:56 | 000,016,384 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008.07.29 14:47:38 | 000,135,168 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008.07.29 14:11:18 | 000,253,952 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2008.07.29 14:01:12 | 007,331,840 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2008.07.29 13:50:26 | 000,364,544 | ---- | M] () -- C:\Programme\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ========== Services (SafeList) ========== SRV - [2013.05.17 16:13:12 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 13:08:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.11 19:09:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.09.09 10:19:23 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.08.27 14:37:10 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV - [2009.08.17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2009.08.10 20:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService) SRV - [2009.08.06 18:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV - [2009.08.06 16:02:50 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Programme\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2009.08.05 15:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.08.03 18:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV - [2009.07.30 06:20:04 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009.07.28 15:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - [2013.04.13 01:53:06 | 001,000,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20130502.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2013.01.16 13:12:41 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130519.005\NAVEX15.SYS -- (NAVEX15) DRV - [2013.01.16 13:12:41 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20130519.005\NAVENG.SYS -- (NAVENG) DRV - [2012.09.01 02:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20130517.001\IDSvix86.sys -- (IDSVix86) DRV - [2012.08.10 10:24:26 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012.08.10 10:24:26 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011.09.21 12:25:57 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2011.09.09 10:16:40 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2011.09.09 10:16:40 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd) DRV - [2011.04.21 03:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symnets.sys -- (SymNetS) DRV - [2011.03.31 05:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP) DRV - [2011.03.31 05:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX) DRV - [2011.03.15 04:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA) DRV - [2011.01.27 08:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS) DRV - [2011.01.27 07:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.02.15 10:55:52 | 000,144,640 | ---- | M] (ZF Electronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ch2kccid.sys -- (CH2KCCID) DRV - [2009.08.27 23:19:22 | 000,859,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2009.08.05 15:44:44 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2009.08.05 13:55:08 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009.07.30 21:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2009.07.30 18:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.30 17:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2009.07.28 21:01:26 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2009.07.24 16:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2009.07.24 12:31:58 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009.07.14 16:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.07.13 23:13:10 | 000,015,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2009.07.10 07:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2009.07.07 22:38:34 | 000,168,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009.06.22 18:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect) DRV - [2009.06.19 20:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL) DRV - [2009.06.19 10:57:20 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2009.06.19 10:56:48 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2009.06.17 12:59:46 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.11.08 14:10:00 | 000,288,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2007.08.15 01:00:00 | 000,567,936 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fxusbase.sys -- (fxusbase) DRV - [2007.08.15 01:00:00 | 000,064,512 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=282&systemid=101&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=204&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&source=webhp#t_0 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1A2D7A4B-C65A-4AC5-9E90-627F356BA209}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKCU\..\SearchScopes\{23BBD3BE-B504-4B4E-8B97-C7446135415C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=WCR&o=41647931&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=81&apn_dtid=YYYYYYYYDE&apn_uid=A122EDB3-0D72-4332-A050-106CD74431C5&apn_sauid=B451D1C7-3999-4261-AFCC-771B21ED406D IE - HKCU\..\SearchScopes\{632D4C05-90CC-49ED-8566-BD6B8B5AD660}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSEH_deDE367 IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=282&systemid=101&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=204&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.20 20:37:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012.02.19 21:11:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2013.05.18 09:12:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.17 16:13:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.20 20:37:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.17 16:13:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.04 22:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Plum\AppData\Roaming\mozilla\Extensions [2012.12.28 13:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Plum\AppData\Roaming\mozilla\Firefox\Profiles\ot36nxgg.default\extensions [2012.01.27 23:32:26 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Plum\AppData\Roaming\mozilla\Firefox\Profiles\ot36nxgg.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2011.07.04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Plum\AppData\Roaming\mozilla\Firefox\Profiles\ot36nxgg.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.02.29 22:35:58 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Plum\AppData\Roaming\mozilla\Firefox\Profiles\ot36nxgg.default\extensions\ffxtlbra@softonic.com [2012.01.18 20:41:14 | 000,000,923 | ---- | M] () -- C:\Users\Plum\AppData\Roaming\mozilla\firefox\profiles\ot36nxgg.default\searchplugins\conduit.xml [2011.10.09 15:15:30 | 000,003,915 | ---- | M] () -- C:\Users\Plum\AppData\Roaming\mozilla\firefox\profiles\ot36nxgg.default\searchplugins\SweetIM Search.xml [2012.10.26 21:34:20 | 000,003,915 | ---- | M] () -- C:\Users\Plum\AppData\Roaming\mozilla\firefox\profiles\ot36nxgg.default\searchplugins\sweetim.xml [2013.05.17 16:12:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.17 16:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.17 16:13:16 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = hxxp://www.searchqu.com/web?src=crb&appid=204&systemid=406&sr=0&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Plum\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1CBF31FC-3C23-4BA6-AF16-2CEC501BD837} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AutoStarter] C:\Programme\Continental Trading GmbH\AutoStarter\AutoStarter.exe () O4 - HKLM..\Run: [GloboFleet] C:\Program Files\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe (Buyond GmbH) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) F3 - HKCU WinNT: Load - (C:\Users\Plum\LOCALS~1\Temp\msvavz.com) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B7E884-D807-43EB-9CFE-5ABFDEEA5784}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4824081F-1933-45D4-875A-97E42CA189D3}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b66540fc-2c10-11df-bcef-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{b66540fc-2c10-11df-bcef-002622ec382d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{b8672c84-d14b-11e0-96ab-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{b8672c84-d14b-11e0-96ab-002622ec382d}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{dbc86b8e-7c57-11df-96d3-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{dbc86b8e-7c57-11df-96d3-002622ec382d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dbc86b97-7c57-11df-96d3-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{dbc86b97-7c57-11df-96d3-002622ec382d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dbc86baa-7c57-11df-96d3-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{dbc86baa-7c57-11df-96d3-002622ec382d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dbc86baf-7c57-11df-96d3-002622ec382d}\Shell - "" = AutoRun O33 - MountPoints2\{dbc86baf-7c57-11df-96d3-002622ec382d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.20 14:02:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Plum\Desktop\OTL.exe [2013.05.17 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Plum\AppData\Local\NPE [2013.05.17 16:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.05.17 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Plum\AppData\Roaming\Ycef [2013.05.17 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Plum\AppData\Roaming\Wemino [2013.05.17 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Plum\AppData\Roaming\Fapeyk [2013.05.17 12:42:48 | 000,000,000 | ---D | C] -- C:\Users\Plum\Local Settings [2013.04.24 13:41:54 | 000,000,000 | ---D | C] -- C:\Users\Plum\Documents\LuPO [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.20 14:07:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.20 14:02:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Plum\Desktop\OTL.exe [2013.05.20 13:33:57 | 000,654,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.20 13:33:57 | 000,616,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.20 13:33:57 | 000,130,120 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.20 13:33:57 | 000,106,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.20 13:31:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.20 13:30:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.20 10:46:17 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 10:46:17 | 000,017,504 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.20 10:31:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.18 21:50:52 | 000,025,729 | ---- | M] () -- C:\Users\Plum\Desktop\wer schweigt.jpg [2013.05.18 09:11:22 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.05.18 09:10:59 | 1504,342,016 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 12:34:15 | 000,002,361 | ---- | M] () -- C:\Windows\System32\tmp.xml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.18 21:50:47 | 000,025,729 | ---- | C] () -- C:\Users\Plum\Desktop\wer schweigt.jpg [2013.03.01 11:56:37 | 000,000,217 | ---- | C] () -- C:\Windows\HBCIKRNL.ini [2013.03.01 11:53:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2013.01.10 14:39:47 | 000,000,000 | ---- | C] () -- C:\Users\Plum\AutoStarter.lck [2013.01.10 14:21:04 | 000,000,000 | ---- | C] () -- C:\Users\Plum\KeyToolHidCom_6002594.lck [2013.01.10 14:20:46 | 000,000,000 | ---- | C] () -- C:\Users\Plum\KeyTools.lck [2012.06.26 12:41:21 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.10.04 20:44:47 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2011.09.06 15:10:08 | 000,000,001 | R--- | C] () -- C:\Users\Plum\serverport [2011.06.14 10:48:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.18 19:59:32 | 000,001,940 | ---- | C] () -- C:\Users\Plum\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.13 17:14:57 | 000,003,584 | ---- | C] () -- C:\Users\Plum\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.19 19:11:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.29 22:43:32 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Bandoo [2012.01.27 23:32:23 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Complitly [2010.04.10 16:34:04 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\COMPUTERBILD-Abzockschutz [2013.01.10 14:39:47 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Continental Trading GmbH [2012.06.13 09:29:53 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\elsterformular [2012.01.12 22:06:21 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2013.05.17 14:07:29 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Fapeyk [2012.07.01 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Nokia [2012.08.15 09:35:39 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\PC Suite [2010.12.25 19:16:21 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\RavensburgerTipToi [2012.02.04 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Thunderbird [2011.08.27 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Tific [2012.01.12 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Toshiba [2012.02.11 20:17:02 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Verbindungsassistent [2013.05.17 14:31:53 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Wemino [2013.05.17 14:15:07 | 000,000,000 | ---D | M] -- C:\Users\Plum\AppData\Roaming\Ycef ========== Purity Check ========== < End of report > Die email habe ich immer noch in meinem Postfach, wohin damit? So, wenn irgendjemand Mitleid hat: HAAAALLO hiiiiier IIIIIIICH! Bitte helfen! |
| Themen zu Elektroshop Wagner , leider geöffnet............. |
| adobe, adobe flash player, alert, autorun, bho, bonjour, defender, elektroshop wagner, email, error, explorer, firefox, flash player, format, helper, homepage, iminent toolbar, intranet, leider geöffnet..., logfile, mozilla, object, plug-in, programme, realtek, registry, senden, software, symantec, windows |
Baum-Darstellung