Pests of all kinds and how to fight them: Trojan TR/Spy.Banker.YF - Online banking problems (Windows 7)
10.06.2013, 21:52 | #1
Trojan TR/Spy.Banker.YF - Online banking problems

Hello dear trojan helpers, unfortunately I have a new lodger on my PC, the trojan TR/Spy.Banker.YF. What can I do about it? Since I have had this trojan on my PC, a prompt from TÜV appears in my online banking saying I should enter my mobile number because of the new Smart 1.2 app from 15.06.2013. As a first measure I have now blocked my bank account. I am currently running AntiVir and Malwarebytes on it. Just a small note: I cannot reinstall my system, there is very important data on it and I will not have my external hard drive at hand for the next few days. Thank you very much for helping me!!

I have just received the log file from Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Database version: v2013.06.10.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Carina :: CARINA-PC [Administrator]

10.06.2013 22:30:34
mbam-log-2013-06-10 (22-30-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213126
Time elapsed: 28 minute(s), 13 second(s)

Memory processes detected: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 1980 -> No action taken.

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 17
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> No action taken.
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Quarantined and deleted successfully.

Registry values detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Data: Search-Results Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Data: -> No action taken.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 6
C:\Users\Carina\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> No action taken.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> No action taken.
C:\Users\Carina\AppData\Local\Temp\gugrerulre.pre (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\Users\Carina\AppData\Local\Temp\rnzlbrlins.pre (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)

Last edited by carina145 (10.06.2013 at 22:00). Reason: Logfile
11.06.2013, 15:41 | #3
Trojan TR/Spy.Banker.YF - Online banking problems

OTL logfile:

Code:
OTL logfile created on: 6/11/2013 4:23:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carina\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.12% Memory free
5.73 Gb Paging File | 3.96 Gb Available in Paging File | 69.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 247.91 Gb Free Space | 58.38% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 16:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Downloads\OTL.exe
PRC - [2013/06/05 15:02:56 | 000,020,248 | ---- | M] (Smartbar) -- C:\Users\Carina\AppData\Local\Smartbar\Application\Linkury.exe
PRC - [2013/05/24 14:27:33 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/16 20:06:03 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/16 14:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013/05/16 14:32:46 | 001,016,112 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 10:06:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/01 14:27:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/11 14:55:31 | 000,107,520 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/31 16:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files\FilesFrog Update Checker\update_checker.exe
PRC - [2012/11/18 09:50:52 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/10/04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2012/07/12 14:24:28 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/20 07:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/05 15:03:36 | 000,021,272 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/06/05 15:03:32 | 000,025,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/06/05 15:03:30 | 000,019,736 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/06/05 15:03:26 | 000,013,592 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/06/05 15:03:24 | 000,245,528 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
MOD - [2013/06/05 15:03:24 | 000,051,480 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/06/05 15:03:22 | 000,111,896 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/06/05 15:03:20 | 000,051,480 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/06/05 15:03:18 | 000,016,152 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/06/05 15:03:16 | 000,078,104 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/06/05 15:03:12 | 000,149,784 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/06/05 15:03:12 | 000,057,112 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/06/05 15:03:06 | 000,012,568 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/06/05 15:03:04 | 000,032,024 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/06/05 15:03:04 | 000,014,104 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/06/05 15:03:04 | 000,013,592 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/06/05 15:03:02 | 001,725,208 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/06/05 15:03:00 | 000,729,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/06/05 15:03:00 | 000,081,176 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/06/05 15:01:54 | 000,047,384 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/06/05 15:01:46 | 000,025,368 | ---- | M] () -- C:\Users\Carina\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
MOD - [2013/05/24 14:27:33 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/05/19 10:39:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/19 10:39:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/05/16 20:06:03 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/05/16 14:32:50 | 000,020,784 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013/05/16 14:32:02 | 000,291,840 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013/05/16 14:02:42 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2013/04/25 12:28:44 | 000,099,096 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\extensions\{bcf71921-e89e-4762-a1b5-f3d26650e9e2}\components\SmartbarFireFoxRemotePlugin_21.dll
MOD - [2013/02/17 22:18:22 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/17 22:18:18 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/14 20:51:38 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013/01/14 20:50:57 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/14 19:10:24 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll
MOD - [2013/01/14 19:10:23 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll
MOD - [2013/01/14 19:10:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/14 19:09:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/14 19:08:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\520a80ddcdd1084993516f4d42a73e05\System.Xml.ni.dll
MOD - [2013/01/14 19:08:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/14 19:08:09 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/24 19:12:50 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2012/06/24 15:39:23 | 000,910,680 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/06/24 15:39:22 | 000,145,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012/06/06 02:59:04 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/01/10 15:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/05 03:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV - [2013/05/16 20:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/16 14:32:46 | 001,016,112 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 14:55:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/02/11 09:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2012/04/14 17:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2013/06/11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/01 14:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/01 14:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/01 14:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/12/18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/09/22 20:19:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/09 16:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=287&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2507441001194275&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.196.5.253:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970"
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.0
FF - prefs.js..extensions.enabledAddons: %7Bbcf71921-e89e-4762-a1b5-f3d26650e9e2%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&installDate=01/01/1970&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate={installDate}"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&installDate={installDate}&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/08 14:10:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Carina\AppData\Roaming\17001.006 [2012/12/17 16:43:44 | 000,000,000 | ---D | M] [2012/12/20 19:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions [2011/03/14 23:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013/06/05 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions [2013/06/05 19:11:44 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions\{bcf71921-e89e-4762-a1b5-f3d26650e9e2} [2013/05/11 15:21:46 | 000,027,737 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\extensions\addon@defaulttab.com.xpi [2013/05/22 15:40:54 | 000,195,916 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013/06/11 16:16:10 | 000,002,025 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\searchplugins\search-here.xml [2013/06/08 21:12:09 | 000,002,499 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\gnlkn1dv.default\searchplugins\Web Search.xml [2013/05/24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/11/06 18:11:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program 
Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/24 14:27:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012/03/31 12:47:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012/11/14 19:23:32 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/09 14:26:57 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2012/11/21 19:09:45 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml ========== Chrome ========== CHR - homepage: hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry&installDate=01/01/1970 CHR - Extension: Linkury Smartbar = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\ CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, 
Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Carina\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - 
{f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Carina\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar) O4 - HKCU..\Run: [dnsr] "C:\Users\Carina\AppData\Roaming\dnsr.exe" -autorun File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [mxbblcen] C:\Users\Carina\AppData\Local\Temp\Njnx\isnrrbllcen.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [puoomizl] C:\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto) O4 - HKCU..\Run: [winkpack] C:\Users\Carina\AppData\Roaming\winkpack.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll 
(Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C303074-C9F1-4EE6-A9FB-97E51046D57B}: DhcpNameServer = 83.169.184.225 83.169.184.161 O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0587236b-15f7-11e2-865c-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{0587236b-15f7-11e2-865c-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe O33 - MountPoints2\{d634d92d-f40d-11df-a944-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{d634d92d-f40d-11df-a944-00262dc0835e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{e04c2248-0a0b-11e2-bdab-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{e04c2248-0a0b-11e2-bdab-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe O33 - MountPoints2\{e24850c6-4a61-11e0-a90e-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{e24850c6-4a61-11e0-a90e-00262dc0835e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{e24850ed-4a61-11e0-a90e-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{e24850ed-4a61-11e0-a90e-00262dc0835e}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f75005a8-09a3-11e2-bafa-00262dc0835e}\Shell - "" = AutoRun O33 - MountPoints2\{f75005a8-09a3-11e2-bafa-00262dc0835e}\Shell\AutoRun\command - "" = G:\ShareLink.exe O34 - HKLM BootExecute: 
(autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/11 07:37:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/06/10 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes [2013/06/10 22:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/10 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/10 22:29:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/06/10 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/06/10 07:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Carina\AppData\Roaming\Brokxkwet [2013/06/08 17:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013/06/08 14:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013/06/08 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/06/08 14:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2013/06/08 14:09:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/05/22 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\{12B5A6C9-392E-4189-8121-18B4EF705BB0} [2013/05/22 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Carina\Tracing [2013/05/22 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carina\Local Settings [2013/05/22 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 
[2013/05/22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013/05/22 15:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2013/05/22 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2013/05/22 15:40:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp [2013/05/22 15:40:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC [2013/05/22 15:40:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT [2013/05/22 15:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller [2013/05/22 15:40:11 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker [2013/05/22 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker [2013/05/18 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Lieder [2 C:\Users\Carina\AppData\Roaming\*.tmp files -> C:\Users\Carina\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/11 16:14:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/11 08:09:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 08:09:29 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/11 08:01:00 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2013/06/11 07:59:30 | 000,000,020 | ---- | M] () -- C:\Users\Carina\defogger_reenable [2013/06/11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/06/11 06:34:24 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job [2013/06/11 06:34:11 | 000,001,142 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job [2013/06/11 06:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/11 06:34:10 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job [2013/06/11 06:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/10 22:29:36 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/10 22:01:53 | 000,081,170 | ---- | M] () -- C:\Users\Carina\Desktop\Unbenannt.JPG [2013/06/10 20:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job [2013/06/10 17:52:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job [2013/06/10 17:48:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/08 17:18:45 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013/06/08 17:18:45 | 000,002,005 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013/06/08 14:10:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/08 12:31:49 | 000,046,709 | ---- | M] () -- C:\Users\Carina\Desktop\Anschreiben.pdf [2013/06/08 12:28:55 | 000,047,080 | ---- | M] () -- C:\Users\Carina\Desktop\Lebenslauf aktuell.pdf [2013/05/24 23:43:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013/05/19 12:43:50 | 019,491,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/05/19 12:43:50 | 006,254,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/05/19 12:43:50 | 000,300,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/05/19 12:43:50 | 000,038,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/05/19 10:38:25 | 000,482,288 | ---- | M] () -- 
C:\Windows\System32\FNTCACHE.DAT [2013/05/16 14:32:46 | 001,016,112 | ---- | M] () -- C:\Windows\System32\dmwu.exe [2013/05/16 14:30:02 | 000,028,160 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll [2 C:\Users\Carina\AppData\Roaming\*.tmp files -> C:\Users\Carina\AppData\Roaming\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/11 07:59:01 | 000,000,020 | ---- | C] () -- C:\Users\Carina\defogger_reenable [2013/06/10 22:29:36 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/06/10 22:01:52 | 000,081,170 | ---- | C] () -- C:\Users\Carina\Desktop\Unbenannt.JPG [2013/06/08 14:11:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013/06/08 14:11:18 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013/06/08 14:10:47 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/06/08 14:10:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/06/08 12:31:48 | 000,046,709 | ---- | C] () -- C:\Users\Carina\Desktop\Anschreiben.pdf [2013/06/05 19:11:42 | 000,002,335 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk [2013/05/24 23:43:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/05/22 15:40:25 | 001,016,112 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2013/05/22 15:40:25 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2013/03/02 17:49:09 | 000,001,493 | ---- | C] () -- C:\Users\Carina\AppData\Local\recently-used.xbel [2013/02/11 14:55:33 | 000,000,306 | RHS- | C] () -- C:\Users\Carina\ntuser.pol [2012/12/12 21:31:10 | 000,000,016 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\blckdom.res [2012/04/17 14:19:34 | 000,044,544 | ---- | C] () -- 
C:\Windows\System32\Gif89.dll [2012/01/10 16:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012/01/10 16:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012/01/10 16:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012/01/10 15:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012/01/10 15:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012/01/10 15:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll [2011/09/08 14:08:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011/07/29 13:07:37 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{0EEABC5A-FE6A-4FE2-A456-A99DF4A69A68} [2011/06/14 20:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\C [2011/03/12 16:13:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009/07/14 01:11:09 | 000,265,216 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\winkpack.exe ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 
000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/12/17 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\17001.006 [2010/11/19 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ashampoo [2012/11/10 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Avbe [2013/06/10 07:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Carina\AppData\Roaming\Brokxkwet [2012/11/14 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Daeds [2010/09/22 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DAEMON Tools Lite [2013/02/11 14:55:31 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DefaultTab [2010/11/01 15:21:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\digital publishing [2010/09/26 17:36:46 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers [2012/01/28 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\elsterformular [2012/12/17 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Evky [2012/11/16 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Fahaf [2011/09/29 16:14:16 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Faxtxt [2011/03/23 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0 [2013/05/22 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ICQ [2012/12/12 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\kock [2011/05/22 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Luxand [2012/06/01 17:10:40 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenCandy [2011/03/16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2011/03/31 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\SoftGrid Client [2010/11/10 18:29:29 | 000,000,000 | ---D | M] 
-- C:\Users\Carina\AppData\Roaming\T-Online [2011/03/14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird [2010/09/12 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TP [2012/09/29 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TuneUp Software [2012/12/13 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\UAs [2012/11/14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Unywti [2011/05/22 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Windows Live Writer [2012/12/13 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\xmldm [2012/11/14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Yntyyf ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 6/11/2013 4:23:14 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.12% Memory free 5.73 Gb Paging File | 3.96 Gb Available in Paging File | 69.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 424.66 Gb Total Space | 247.91 Gb Free Space | 58.38% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A2BD8D8-A59E-4263-955E-E85B61272989}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{0C2548EA-7942-48F0-86DD-06FC0AD5349E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0C8A1692-A33E-4629-8547-BE549C9C41F9}" = lport=2869 | protocol=6 | dir=in | app=system | "{0D528E64-1695-40D5-BC01-E357B0A3D7AA}" = lport=137 | protocol=17 | dir=in | app=system | "{0F7C3B92-1917-486F-A8A1-FBE843A7CBCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1295488D-90AA-4D2D-8A85-937B61F1056C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{138D6145-9DC3-41E4-9A28-BE337641B24A}" = lport=445 | protocol=6 | dir=in | app=system | 
Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp Line: 1295 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67110872 Description = Failed Route change: Action: AddRoute Destination: 0.0.0.0 Netmask: 0.0.0.0 Gateway: 193.197.41.1 Interface: 193.197.41.154 Metric: 1 Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 226 Invoked Function: AddRouteChange Return Code: -33095667 (0xFE07000D) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::AddRouteChange File: .\ChangeRouteHelper.cpp Line: 1295 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67110872 Description = Failed Route change: Action: DelRoute Destination: 192.168.178.255 Netmask: 255.255.255.255 Gateway: 192.168.178.39 Interface: 192.168.178.39 Metric: 256 Error - 4/4/2013 9:47:25 AM | Computer Name = Carina-PC | Source = vpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::SetRouteTable File: .\ChangeRouteHelper.cpp Line: 245 Invoked Function: AddRouteChange Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED [ Media Center Events ] Error - 11/3/2010 4:27:37 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 21:27:36 - Fehler beim Herstellen der Internetverbindung. 
21:27:36 - Serververbindung konnte nicht hergestellt werden.. Error - 11/14/2010 6:52:37 AM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 11:52:37 - Fehler beim Herstellen der Internetverbindung. 11:52:37 - Serververbindung konnte nicht hergestellt werden.. Error - 11/14/2010 6:52:46 AM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 11:52:42 - Fehler beim Herstellen der Internetverbindung. 11:52:42 - Serververbindung konnte nicht hergestellt werden.. Error - 11/18/2010 3:39:29 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 20:39:29 - Fehler beim Herstellen der Internetverbindung. 20:39:29 - Serververbindung konnte nicht hergestellt werden.. Error - 11/18/2010 3:39:41 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 20:39:34 - Fehler beim Herstellen der Internetverbindung. 20:39:34 - Serververbindung konnte nicht hergestellt werden.. Error - 11/22/2010 2:58:53 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 19:58:53 - Directory konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 11/22/2010 3:00:11 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 20:00:07 - Fehler beim Herstellen der Internetverbindung. 20:00:07 - Serververbindung konnte nicht hergestellt werden.. Error - 11/22/2010 4:03:16 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 21:03:16 - Directory konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) Error - 10/19/2011 2:26:55 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 20:26:55 - Fehler beim Herstellen der Internetverbindung. 20:26:55 - Serververbindung konnte nicht hergestellt werden.. Error - 10/19/2011 2:27:29 PM | Computer Name = Carina-PC | Source = MCUpdate | ID = 0 Description = 20:27:24 - Fehler beim Herstellen der Internetverbindung. 
20:27:24 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 6/5/2013 2:15:13 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874 Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error - 6/5/2013 2:15:13 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874 Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36874 Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung. Error - 6/5/2013 2:16:15 PM | Computer Name = Carina-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107. Error - 6/8/2013 3:03:46 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 6/10/2013 11:39:56 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "McAfee Security Scan Component Host Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 6/11/2013 12:36:54 AM | Computer Name = Carina-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "DefaultTabSearch" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 6/11/2013 1:59:55 AM | Computer Name = Carina-PC | Source = DCOM | ID = 10010 Description = < End of report > |
11.06.2013, 15:46 | #4 |
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - Online Banking Problems: Only the Gmer log is still missing, then we'll get started. But even at a quick glance I've already seen that there's quite a bit on there...
__________________ cheers, Leo |
11.06.2013, 15:55 | #5 |
Trojan TR/Spy.Banker.YF - Online Banking Problems: It's still running :-) But thanks in advance. I can't see anything in there myself. :-)
11.06.2013, 16:06 | #6 |
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - Online Banking Problems: Ok.
11.06.2013, 20:07 | #7 |
Trojan TR/Spy.Banker.YF - Online Banking Problems: GMER logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-11 21:07:02
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Carina\AppData\Local\Temp\pwdirpod.sys

---- System - GMER 2.1 ----

SSDT 96A534DE ZwCreateSection
SSDT 96A534E8 ZwRequestWaitReplyPort
SSDT 96A534E3 ZwSetContextThread
SSDT 96A534ED ZwSetSecurityObject
SSDT 96A534F2 ZwSystemDebugControl
SSDT 96A5347F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83051A09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8308B1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 8309234C 4 Bytes [DE, 34, A5, 96]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830926A8 4 Bytes [E8, 34, A5, 96]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830926EC 4 Bytes [E3, 34, A5, 96] {JECXZ 0x36; MOVSD ; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 83092768 4 Bytes [ED, 34, A5, 96] {IN EAX, DX; XOR AL, 0xa5; XCHG ESI, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830927BC 4 Bytes [F2, 34, A5, 96] {XOR AL, 0xa5; XCHG ESI, EAX}
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Windows\Explorer.EXE[1076] kernel32.dll!CreateProcessW 778B204D 5 Bytes JMP 05E43DC4
.text C:\Windows\Explorer.EXE[1076] ADVAPI32.dll!CreateProcessAsUserW 7606C592 5 Bytes JMP 05E43B6C
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetCloseHandle 761B3CC2 5 Bytes JMP 05E42B74
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpQueryInfoA 761B6AB7 5 Bytes JMP 05E42AA4
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpQueryInfoW 761B7202 5 Bytes JMP 05E42B0C
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpSendRequestW 761B76E6 5 Bytes JMP 05E404F8
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpOpenRequestW 761B7E1D 5 Bytes JMP 05E3EAC8
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetConnectW 761BAC54 5 Bytes JMP 05E3E1C0
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetQueryDataAvailable 7620A1AD 5 Bytes JMP 05E41400
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFile 7620A5EF 5 Bytes JMP 05E4192C
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFileExW 76211A4B 5 Bytes JMP 05E422DC
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetReadFileExA 76211AA2 5 Bytes JMP 05E41B14
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetOpenA 7622EAF8 5 Bytes JMP 05E3E16C
.text C:\Windows\Explorer.EXE[1076] WININET.dll!InternetConnectA 7625F6B3 5 Bytes JMP 05E3E3A0
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpSendRequestA 76285876 5 Bytes JMP 05E3FD80
.text C:\Windows\Explorer.EXE[1076] WININET.dll!HttpOpenRequestA 76285B15 5 Bytes JMP 05E3ED1C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!RegisterMessagePumpHook + 2F1 76948B9E 7 Bytes JMP 60AAEA03 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!IsDialogMessageW + 340 76954444 7 Bytes JMP 60AAE992 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!GetWindowInfo 76954B5E 5 Bytes JMP 608E5238 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2416] USER32.dll!ToUnicodeEx + 71 76962223 7 Bytes JMP 608E5811 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtClose 77CF54C8 5 Bytes JMP 61BEDB70 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtCreateFile 77CF55C8 5 Bytes JMP 61BED840 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtFlushBuffersFile 77CF5958 5 Bytes JMP 61BED970 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtLockFile 77CF5B98 5 Bytes JMP 61BEDA60 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtOpenFile 77CF5CD8 5 Bytes JMP 61BED7C0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtQueryInformationFile 77CF6018 5 Bytes JMP 61BC3390 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtReadFile 77CF62B8 5 Bytes JMP 61BC31F0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtSetInformationFile 77CF6638 5 Bytes JMP 61BED9E0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtUnlockFile 77CF6998 5 Bytes JMP 61BEDAF0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!NtWriteFile 77CF6A68 5 Bytes JMP 61BED8E0 C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] ntdll.dll!LdrGetProcedureAddress + 26 77D12239 7 Bytes JMP 02069CF0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 778F941E 7 Bytes JMP 02615408 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!QueryPerformanceCounter + 13 778FC435 7 Bytes JMP 0261542B C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] kernel32.dll!LoadAppInitDlls + 355 778FF4F6 7 Bytes JMP 0207369E C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] GDI32.dll!GetViewportOrgEx + 26C 77BD884B 7 Bytes JMP 02615389 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetCloseHandle 761B3CC2 5 Bytes JMP 03492B74
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpQueryInfoA 761B6AB7 5 Bytes JMP 03492AA4
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpQueryInfoW 761B7202 5 Bytes JMP 03492B0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpSendRequestW 761B76E6 5 Bytes JMP 034904F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpOpenRequestW 761B7E1D 5 Bytes JMP 0348EAC8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetConnectW 761BAC54 5 Bytes JMP 0348E1C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetQueryDataAvailable 7620A1AD 5 Bytes JMP 03491400
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFile 7620A5EF 5 Bytes JMP 0349192C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFileExW 76211A4B 5 Bytes JMP 034922DC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetReadFileExA 76211AA2 5 Bytes JMP 03491B14
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetOpenA 7622EAF8 5 Bytes JMP 0348E16C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!InternetConnectA 7625F6B3 5 Bytes JMP 0348E3A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpSendRequestA 76285876 5 Bytes JMP 0348FD80
.text C:\Program Files\Mozilla Firefox\firefox.exe[5076] wininet.DLL!HttpOpenRequestA 76285B15 5 Bytes JMP 0348ED1C
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateFile + 6 77CF55CE 4 Bytes [28, B0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateFile + B 77CF55D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateKey + 6 77CF560E 4 Bytes [68, B1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateKey + B 77CF5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateMutant + 6 77CF564E 4 Bytes [68, B2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateMutant + B 77CF5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateSection + 6 77CF56EE 4 Bytes [A8, B2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtCreateSection + B 77CF56F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtMapViewOfSection + B 77CF5C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenFile + 6 77CF5CDE 4 Bytes [68, B0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenFile + B 77CF5CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKey + 6 77CF5D0E 4 Bytes [A8, B1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKey + B 77CF5D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenKeyEx + B 77CF5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenMutant + 6 77CF5D5E 4 Bytes [28, B2, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenMutant + B 77CF5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcess + 6 77CF5D8E 4 Bytes [68, B3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcess + B 77CF5D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessToken + 6 77CF5D9E 4 Bytes [A8, B3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessToken + B 77CF5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessTokenEx + 6 77CF5DAE 4 Bytes [68, B4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenProcessTokenEx + B 77CF5DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenSection + B 77CF5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThread + 6 77CF5E0E 4 Bytes [28, B3, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThread + B 77CF5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadToken + 6 77CF5E1E 4 Bytes [28, B4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadToken + B 77CF5E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadTokenEx + 6 77CF5E2E 4 Bytes [A8, B4, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtOpenThreadTokenEx + B 77CF5E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryAttributesFile + 6 77CF5F3E 4 Bytes [A8, B0, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryAttributesFile + B 77CF5F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtQueryFullAttributesFile + B 77CF5FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationFile + 6 77CF663E 4 Bytes [28, B1, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationFile + B 77CF6643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtSetInformationThread + B 77CF66A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtUnmapViewOfSection + 6 77CF69BE 4 Bytes [28, B5, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ntdll.dll!NtUnmapViewOfSection + B 77CF69C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] kernel32.dll!CreateProcessW 778B204D 5 Bytes JMP 00080030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] kernel32.dll!CreateProcessA 778B2082 5 Bytes JMP 00080070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ActivateKeyboardLayout 76948203 5 Bytes JMP 001304F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ScreenToClient 7694A506 7 Bytes JMP 00130670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!RegisterClipboardFormatA 7694C091 5 Bytes JMP 001302F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!RegisterClipboardFormatW 7694DF8D 5 Bytes JMP 001302B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetCursor 76953075 5 Bytes JMP 00130530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!MonitorFromWindow 76953622 7 Bytes JMP 00130630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!PostMessageW 7695447B 5 Bytes JMP 001305F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!IsWindowVisible 76954D69 7 Bytes JMP 001306B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClientRect 769554DD 7 Bytes JMP 001305B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!MapWindowPoints 76955CAA 5 Bytes JMP 00130570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetParent 76956029 7 Bytes JMP 001306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!EmptyClipboard 7696290C 5 Bytes JMP 00130130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetClipboardData 76962962 5 Bytes JMP 00130170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardData 76962BA7 5 Bytes JMP 00130030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardFormatNameW 76965FD2 5 Bytes JMP 00130230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetClipboardViewer 76966FF6 5 Bytes JMP 001304B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardFormatNameA 7696700A 5 Bytes JMP 00130270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!ChangeClipboardChain 7697147C 5 Bytes JMP 00130430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetTopWindow 769724D9 7 Bytes JMP 00130730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!CloseClipboard 7697446C 5 Bytes JMP 001300B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!OpenClipboard 7697447E 5 Bytes JMP 00130070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!IsClipboardFormatAvailable 769744FF 5 Bytes JMP 001300F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardSequenceNumber 76974513 5 Bytes JMP 00130330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardOwner 76974525 5 Bytes JMP 00130370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!CountClipboardFormats 7697470A 5 Bytes JMP 001301F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!EnumClipboardFormats 769747EC 5 Bytes JMP 001301B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetOpenClipboardWindow 7697480B 5 Bytes JMP 001303F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!SetCursorPos 7698C1B0 5 Bytes JMP 00130770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetClipboardViewer 769A4AF7 5 Bytes JMP 00130470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] user32.DLL!GetPriorityClipboardFormat 769A4BF9 5 Bytes JMP 001303B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!DeleteObject 77BD5F14 5 Bytes JMP 001401B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectObject 77BD6640 5 Bytes JMP 001405F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetTextColor 77BD6906 5 Bytes JMP 00140A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetBkMode 77BD69B1 5 Bytes JMP 001408F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!DeleteDC 77BD6EAA 5 Bytes JMP 00140170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetDeviceCaps 77BD6F7F 5 Bytes JMP 001403B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtSelectClipRgn 77BD7114 5 Bytes JMP 001402F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectClipRgn 77BD7242 5 Bytes JMP 001405B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetStretchBltMode 77BD7705 5 Bytes JMP 001406B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetCurrentObject 77BD7917 5 Bytes JMP 00140370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextMetricsW 77BD7B8F 5 Bytes JMP 00140E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextAlign 77BD7DAF 5 Bytes JMP 00140D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!IntersectClipRect 77BD7DFE 5 Bytes JMP 001403F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtTextOutW 77BD8192 5 Bytes JMP 00140970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetTextAlign 77BD828E 5 Bytes JMP 001409F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetClipBox 77BD8525 5 Bytes JMP 00140330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!MoveToEx 77BD8C21 5 Bytes JMP 00140470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StretchDIBits 77BDA53E 5 Bytes JMP 00140770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!RestoreDC 77BDA67B 5 Bytes JMP 00140530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SaveDC 77BDA74B 5 Bytes JMP 00140570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextExtentPoint32W 77BDB4B5 5 Bytes JMP 00140670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceW 77BDB73A 2 Bytes JMP 00140D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceW + 3 77BDB73D 2 Bytes [56, 88]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetFontData 77BDBCC4 5 Bytes JMP 00140C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetWorldTransform 77BDC90A 5 Bytes JMP 001406F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateDCA 77BDCCA9 5 Bytes JMP 001400B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateDCW 77BDCF79 5 Bytes JMP 001400F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateICW 77BDCFD0 5 Bytes JMP 00140130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextMetricsA 77BDD0F2 5 Bytes JMP 00140DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!Rectangle 77BDF1FF 5 Bytes JMP 001409B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!LineTo 77BDF59B 5 Bytes JMP 00140430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetICMMode 77BDFAA4 5 Bytes JMP 00140DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtTextOutA 77BE03F9 5 Bytes JMP 00140930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextExtentPoint32A 77BE07B0 5 Bytes JMP 00140630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ExtEscape 77BE2949 5 Bytes JMP 001402B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!Escape 77BE3939 5 Bytes JMP 00140270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetTextFaceA 77BE3E6A 5 Bytes JMP 00140CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetPolyFillMode 77BED851 5 Bytes JMP 00140B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SetMiterLimit 77BEDA0D 5 Bytes JMP 00140B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndPage 77BF00D7 5 Bytes JMP 00140230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!ResetDCW 77BF050D 5 Bytes JMP 00140AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!GetGlyphOutlineW 77BFC1BA 5 Bytes JMP 00140CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CreateScalableFontResourceW 77BFE817 5 Bytes JMP 00140BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!AddFontResourceW 77BFEC13 5 Bytes JMP 00140BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!RemoveFontResourceW 77BFF109 5 Bytes JMP 00140C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!AbortDoc 77C04C63 5 Bytes JMP 00140030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndDoc 77C050AA 5 Bytes JMP 001401F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StartPage 77C05195 5 Bytes JMP 00140730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StartDocW 77C05BB0 5 Bytes JMP 001407F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!BeginPath 77C0635D 5 Bytes JMP 00140830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!SelectClipPath 77C063B4 5 Bytes JMP 00140AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!CloseFigure 77C0640F 5 Bytes JMP 00140070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!EndPath 77C06466 5 Bytes JMP 00140A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!StrokePath 77C06699 5 Bytes JMP 001407B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!FillPath 77C06726 5 Bytes JMP 00140870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolylineTo 77C06B94 5 Bytes JMP 001404F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolyBezierTo 77C06C25 5 Bytes JMP 001404B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] GDI32.dll!PolyDraw 77C06CD7 5 Bytes JMP 001408B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleSetClipboard 763C0045 5 Bytes JMP 00160030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleIsCurrentClipboard 763C36B2 5 Bytes JMP 00160070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe[5180] ole32.dll!OleGetClipboard 763EFDCD 5 Bytes JMP 001600B0
.text C:\Windows\explorer.exe[5312] kernel32.dll!CreateProcessW 778B204D 5 Bytes JMP 03313DC4
.text C:\Windows\explorer.exe[5312] ADVAPI32.dll!CreateProcessAsUserW 7606C592 5 Bytes JMP 03313B6C
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetCloseHandle 761B3CC2 5 Bytes JMP 03312B74
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpQueryInfoA 761B6AB7 5 Bytes JMP 03312AA4
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpQueryInfoW 761B7202 5 Bytes JMP 03312B0C
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpSendRequestW 761B76E6 5 Bytes JMP 033104F8
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpOpenRequestW 761B7E1D 5 Bytes JMP 0330EAC8
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetConnectW 761BAC54 5 Bytes JMP 0330E1C0
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetQueryDataAvailable 7620A1AD 5 Bytes JMP 03311400
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFile 7620A5EF 5 Bytes JMP 0331192C
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFileExW 76211A4B 5 Bytes JMP 033122DC
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetReadFileExA 76211AA2 5 Bytes JMP 03311B14
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetOpenA 7622EAF8 5 Bytes JMP 0330E16C
.text C:\Windows\explorer.exe[5312] wininet.DLL!InternetConnectA 7625F6B3 5 Bytes JMP 0330E3A0
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpSendRequestA 76285876 5 Bytes JMP 0330FD80
.text C:\Windows\explorer.exe[5312] wininet.DLL!HttpOpenRequestA 76285B15 5 Bytes JMP
0330ED1C ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}?\Device\{AA545348-63AE-4B34-906E-A7345A340833}?\Device\{34B32756-4FD2-43AB-A9D3-5E9027F85821}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}"?"{AA545348-63AE-4B34-906E-A7345A340833}"?"{34B32756-4FD2-43AB-A9D3-5E9027F85821}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{CAF87DC8-9EAF-4A4B-9191-612F9A386DB8}?\Device\TCPIP6TUNNEL_{AA545348-63AE-4B34-906E-A7345A340833}?\Device\TCPIP6TUNNEL_{34B32756-4FD2-43AB-A9D3-5E9027F85821}? Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA545348-63AE-4B34-906E-A7345A340833}@InterfaceName isatap.{B23AD125-C9B4-4D84-9572-03610279EA18} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{AA545348-63AE-4B34-906E-A7345A340833}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 13238 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x9A 0xB2 0x33 ... 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x43 0xF7 0x59 0xD4 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x5F 0x06 0x5B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x9A 0xB2 0x33 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x43 0xF7 0x59 0xD4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC0 0x5F 0x06 0x5B ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
Finally done... sorry for the delay |
11.06.2013, 20:26 | #8 |
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - online banking problems Right, then let's get started. Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Scan with Combofix
Step 3 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
11.06.2013, 21:24 | #9 |
| Trojan TR/Spy.Banker.YF - online banking problems AdwCleaner log file: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 11/06/2013 um 21:49:47 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Carina - CARINA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Carina\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gelöscht : C:\Users\Carina\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files\DAEMON Tools Toolbar Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\Search Results Toolbar Ordner Gelöscht : C:\Program Files\SweetIM Ordner Gelöscht : C:\Program Files\Windows iLivid Toolbar Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Carina\AppData\Local\APN Ordner Gelöscht : C:\Users\Carina\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Carina\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Carina\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\Carina\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Carina\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Ordner Gelöscht : C:\Windows\system32\WNLT ***** 
[Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel 
Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Schlüssel Gelöscht : HKLM\Software\iLividSRTB Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel 
Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key deleted : HKLM\Software\SearchquMediabarTb
Key deleted : HKLM\SOFTWARE\Software
Value deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=hp&babsrc=lnkry_nt&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=TJ&userid=bcf71921-e89e-4762-a1b5-f3d26650e9e2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=[...]
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=bcf71921-e89e[...]

-\\ Google Chrome v27.0.1453.110

File : C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [27388 octets] - [11/06/2013 21:49:47]

########## EOF - C:\AdwCleaner[S1].txt - [27449 octets] ##########

Combofix Logfile:
Code:
ComboFix 13-06-08.02 - Carina 11.06.2013  22:00:17.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2935.1233 [GMT 2:00]
run from:: c:\users\Carina\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Carina\AppData\Roaming\17001.006
c:\users\Carina\AppData\Roaming\17001.006\chrome.manifest
c:\users\Carina\AppData\Roaming\17001.006\components\AcroFF.txt
c:\users\Carina\AppData\Roaming\17001.006\install.rdf
c:\users\Carina\AppData\Roaming\AcroIEHelpe.txt
c:\users\Carina\AppData\Roaming\nz966p5a.default.tmp
c:\users\Carina\AppData\Roaming\srvblck5.tmp
c:\users\Carina\AppData\Roaming\videoqhmem.exe
c:\users\Carina\AppData\Roaming\Yntyyf
c:\users\Carina\AppData\Roaming\Yntyyf\ycyh.xoi
.
.
(((((((((((((((((((((((   Files created from 2013-05-11 to 2013-06-11   ))))))))))))))))))))))))))))))
.
.
2013-06-11 20:11 . 2013-06-11 20:12 -------- d-----w- c:\users\Carina\AppData\Local\temp
2013-06-11 20:11 . 2013-06-11 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 05:37 . 2013-06-11 05:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\users\Carina\AppData\Roaming\Malwarebytes
2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\programdata\Malwarebytes
2013-06-10 20:29 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-10 05:39 . 2013-06-10 05:39 -------- d--h--w- c:\users\Carina\AppData\Roaming\Brokxkwet
2013-06-08 12:11 . 2013-06-08 12:11 -------- d-----w- c:\programdata\McAfee
2013-06-08 10:28 . 2013-06-11 20:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\offreg.dll
2013-06-07 13:33 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\mpengine.dll
2013-05-24 21:42 . 2013-05-24 21:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-24 12:27 . 2013-05-24 12:27 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 13:41 . 2013-05-22 13:41 -------- d-----w- c:\users\Carina\Tracing
2013-05-22 13:41 . 2013-05-22 13:41 -------- d-----w- c:\program files\7-Zip
2013-05-22 13:40 . 2013-05-16 12:02 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-22 13:40 . 2013-05-16 12:02 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-22 13:40 . 2013-05-16 12:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-18 08:14 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-18 08:14 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-18 08:14 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-18 08:13 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-18 08:13 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-18 08:13 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-18 08:13 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-18 08:13 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 18:06 . 2012-07-14 16:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-16 18:06 . 2011-09-05 16:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 09:54 . 2011-03-28 10:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 08:07 . 2013-05-10 08:08 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-02 00:06 . 2010-06-28 23:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-18 08:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-18 08:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-27 16:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-01 12:28 . 2012-10-18 16:53 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-01 12:28 . 2012-10-18 16:53 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-01 12:28 . 2012-10-18 16:53 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-19 05:04 . 2013-04-14 09:35 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-14 09:35 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-14 09:35 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-14 09:35 69632 ----a-w- c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Registry autostart points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"puoomizl"="c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe" [2013-06-10 141312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Luxand Blink!"="c:\program files\Luxand\Blink!\LuxandBlinkTray.exe" [2010-10-18 7143224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-11 40776]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-01 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-04-01 86752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2012-09-11 1034880]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560]
.
.
Contents of the "Scheduled Tasks" folder
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:06]
.
2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job
- c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 193.196.5.253:3128
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\
FF - prefs.js: browser.search.defaulturl -
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-dnsr - c:\users\Carina\AppData\Roaming\dnsr.exe
HKCU-Run-videoqhmem - c:\users\Carina\AppData\Roaming\videoqhmem.exe
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
SafeBoot-BsScanner
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-11  22:18:53
ComboFix-quarantined-files.txt  2013-06-11 20:18
.
Before scan: 7 directory(ies), 267.098.808.320 bytes free
After scan: 12 directory(ies), 267.541.602.304 bytes free
.
- - End Of File - - 4762ED62930A289B0C12ABEB54D1EBF8
8A1C59E4DFEF87510470928550466632

OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 10:20:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carina\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2.87 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 57.96% Memory free
5.73 Gb Paging File | 4.40 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 424.66 Gb Total Space | 249.23 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.60 Gb Free Space | 53.99% Space Free | Partition Type: NTFS

Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 16:22:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Downloads\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/10 10:06:59 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/04/01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/04/01 14:27:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/04/01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/13 19:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009/12/14 20:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009/12/12 00:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009/12/10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009/10/09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2013.05.24 14:27:33 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.24 19:12:50 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2012.01.10 15:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV - [2013.05.16 20:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.01 14:28:15 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 14:27:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.11 17:30:18 | 001,034,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe -- (OfficeSvc)
SRV - [2012.04.14 17:05:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.10.23 02:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.10.09 17:07:20 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.09.10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Carina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.06.11 07:37:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.01 14:28:32 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 14:28:32 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 14:28:32 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.22 20:19:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.05.24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.02.27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009.10.09 16:50:48 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 193.196.5.253:3128

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carina\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.08 14:10:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Carina\AppData\Roaming\17001.006

[2013.06.11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions
[2011.03.14 23:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.06.11 21:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\gnlkn1dv.default\extensions
[2013.06.11 21:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.11.06 18:11:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.05.24 14:27:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.24 14:27:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.03.31 12:47:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - homepage: hxxp://start.iminent.com/?appId=88DA0528-E556-4B54-8EBF-653911D9816D
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.06.11 22:12:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe (Luxand, Inc.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [puoomizl] C:\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem :
An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C303074-C9F1-4EE6-A9FB-97E51046D57B}: DhcpNameServer = 83.169.184.225 83.169.184.161 O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.11 22:19:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.11 22:19:06 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\temp [2013.06.11 21:55:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.11 21:55:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.11 21:55:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.11 21:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.11 21:53:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.11 21:52:40 | 005,078,680 | R--- | C] (Swearware) -- C:\Users\Carina\Desktop\ComboFix.exe [2013.06.11 07:37:56 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.06.10 22:29:48 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Roaming\Malwarebytes [2013.06.10 22:29:35 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.10 22:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.10 22:29:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.06.10 22:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.06.10 07:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Carina\AppData\Roaming\Brokxkwet [2013.06.08 14:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013.06.08 14:09:30 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.05.22 15:41:56 | 000,000,000 | ---D | C] -- C:\Users\Carina\AppData\Local\{12B5A6C9-392E-4189-8121-18B4EF705BB0} [2013.05.22 15:41:10 | 000,000,000 | ---D | C] -- C:\Users\Carina\Tracing [2013.05.22 15:41:07 | 000,000,000 | ---D | C] -- C:\Users\Carina\Local Settings [2013.05.22 15:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.22 15:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.05.18 23:42:33 | 000,000,000 | ---D | C] -- C:\Users\Carina\Desktop\Lieder [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 22:12:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.06.11 21:58:59 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 21:58:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 21:53:06 | 005,078,680 | R--- | M] (Swearware) -- C:\Users\Carina\Desktop\ComboFix.exe [2013.06.11 21:51:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 21:51:05 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2013.06.11 07:59:30 | 000,000,020 | ---- | M] () -- C:\Users\Carina\defogger_reenable [2013.06.11 07:37:56 | 000,040,776 
| ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.06.11 06:34:24 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job [2013.06.11 06:34:11 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job [2013.06.11 06:34:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.11 06:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.10 22:29:36 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.10 22:01:53 | 000,081,170 | ---- | M] () -- C:\Users\Carina\Desktop\Unbenannt.JPG [2013.06.10 20:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job [2013.06.10 17:52:13 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job [2013.06.10 17:48:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.08 14:10:47 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.08 12:31:49 | 000,046,709 | ---- | M] () -- C:\Users\Carina\Desktop\Anschreiben.pdf [2013.06.08 12:28:55 | 000,047,080 | ---- | M] () -- C:\Users\Carina\Desktop\Lebenslauf aktuell.pdf [2013.05.24 23:43:22 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.05.19 12:43:50 | 019,491,452 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.19 12:43:50 | 006,254,796 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.19 12:43:50 | 000,300,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.19 12:43:50 | 000,038,050 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.19 10:38:25 | 000,482,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files 
-> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.11 21:55:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.11 21:55:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.11 21:55:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.11 21:55:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.11 21:55:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.11 07:59:01 | 000,000,020 | ---- | C] () -- C:\Users\Carina\defogger_reenable [2013.06.10 22:29:36 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.10 22:01:52 | 000,081,170 | ---- | C] () -- C:\Users\Carina\Desktop\Unbenannt.JPG [2013.06.08 14:10:47 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.08 14:10:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.08 12:31:48 | 000,046,709 | ---- | C] () -- C:\Users\Carina\Desktop\Anschreiben.pdf [2013.05.24 23:43:22 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.02 17:49:09 | 000,001,493 | ---- | C] () -- C:\Users\Carina\AppData\Local\recently-used.xbel [2013.02.11 14:55:33 | 000,000,306 | RHS- | C] () -- C:\Users\Carina\ntuser.pol [2012.12.12 21:31:10 | 000,000,016 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\blckdom.res [2012.04.17 14:19:34 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.01.10 16:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.10 16:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.10 16:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.10 15:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.10 15:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.10 15:12:12 | 000,094,208 | ---- | C] () -- 
C:\Windows\System32\IccLibDll.dll [2011.09.08 14:08:51 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.07.29 13:07:37 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{0EEABC5A-FE6A-4FE2-A456-A99DF4A69A68} [2011.06.14 20:07:19 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\C [2011.03.12 16:13:31 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.11.19 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Ashampoo [2012.11.10 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Avbe [2013.06.10 07:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Carina\AppData\Roaming\Brokxkwet [2012.11.14 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Daeds [2010.09.22 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DAEMON Tools Lite [2010.11.01 15:21:29 | 000,000,000 | ---D | M] -- 
C:\Users\Carina\AppData\Roaming\digital publishing [2012.01.28 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\elsterformular [2012.12.17 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Evky [2012.11.16 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Fahaf [2011.09.29 16:14:16 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Faxtxt [2011.03.23 19:32:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0 [2013.05.22 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ICQ [2012.12.12 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\kock [2011.05.22 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Luxand [2011.03.16 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2011.03.31 20:15:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\SoftGrid Client [2010.11.10 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online [2011.03.14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird [2010.09.12 12:11:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TP [2012.09.29 10:17:42 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\TuneUp Software [2012.12.13 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\UAs [2012.11.14 19:23:15 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Unywti [2011.05.22 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Windows Live Writer [2012.12.13 08:55:43 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > |
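The OTL log above shows the pattern a helper reads by eye: an HKCU Run value (puoomizl) that launches an executable from a hidden, random-named folder under AppData\Roaming with a forged "Advanced Micro Devices, Inc." vendor string, and a cluster of similar folders in the LOP check. The following Python script is an added example, not code from this thread, from OTL or from ComboFix; it applies those heuristics to OTL-style lines. The sample lines are constructed from the log above, and the scoring weights and threshold are my own assumptions.

```python
"""Triage of OTL-style autorun (O4) and directory-listing lines.

Added example (not from the thread, OTL or ComboFix). An autostart entry whose
executable lives under the user profile in a random-looking directory is a strong
banker/infostealer indicator; vendor programs under Program Files or System32 are
not. Weights and threshold are assumptions chosen for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: lines copied in shape (and paths) from the OTL output above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [puoomizl] C:\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
[2013.06.10 07:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Carina\AppData\Roaming\Brokxkwet
[2012.11.10 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Avbe
[2011.03.14 23:19:26 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>[A-Za-z]:\\.+?\.exe) \((?P<vendor>[^)]*)\)$"
)
DIR_RE = re.compile(
    r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] -- (?P<path>[A-Za-z]:\\.+)$"
)
PROFILE_RE = re.compile(r"\\AppData\\(Roaming|Local|LocalLow)\\", re.IGNORECASE)
ROAMING_TOP_RE = re.compile(r"\\AppData\\Roaming\\(?P<top>[^\\]+)$", re.IGNORECASE)
VOWELS = set("aeiouy")


@dataclass
class Finding:
    kind: str  # "autorun" or "directory"
    path: str
    score: int
    reasons: list[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Crude pronounceability test: four or more consonants in a row inside one
    word, or almost no vowels. Catches 'Brokxkwet' and 'twdnwypmizl'; short
    droppings such as 'Avbe' and abbreviations such as 'avgnt' are misjudged,
    so this is one signal to be combined with others, never a verdict."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in name.lower():
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        longest = max(longest, run)
    return longest >= 4 or vowel_ratio < 0.2


def score_autorun(m: re.Match) -> Finding:
    path, name, vendor = m["path"], m["name"], m["vendor"]
    parts = path.split("\\")
    exe, parent = parts[-1], parts[-2]
    f = Finding("autorun", path, 0)
    if PROFILE_RE.search(path):
        f.score += 2
        f.reasons.append("executable under the user profile (plantable without admin rights)")
    if looks_random(parent):
        f.score += 2
        f.reasons.append(f"random-looking directory name {parent!r}")
    if looks_random(exe.rsplit(".", 1)[0]):
        f.score += 1
        f.reasons.append(f"random-looking file name {exe!r}")
    if looks_random(name):
        f.score += 1
        f.reasons.append(f"random-looking Run value name {name!r}")
    if f.score >= 4 and vendor:
        # OTL prints CompanyName from the file's version resource; the malware
        # author writes that field, so it proves nothing about the file.
        f.reasons.append(f"vendor string {vendor!r} is self-declared, not a signature")
    return f


def score_directory(m: re.Match) -> Finding | None:
    path, attrs = m["path"], m["attrs"]
    top = ROAMING_TOP_RE.search(path)
    if not top:
        return None  # only top-level AppData\Roaming entries are scored
    f = Finding("directory", path, 0)
    if "H" in attrs:
        f.score += 2
        f.reasons.append("hidden directory directly under AppData\\Roaming")
    if looks_random(top["top"]):
        f.score += 2
        f.reasons.append(f"random-looking directory name {top['top']!r}")
    return f


def triage(log_text: str, threshold: int = 4) -> list[Finding]:
    """Return findings at or above the threshold, highest score first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            f = score_autorun(m)
        elif (m := DIR_RE.match(line)):
            f = score_directory(m)
        else:
            continue
        if f is not None and f.score >= threshold:
            findings.append(f)
    return sorted(findings, key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.kind}: {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, only the twdnwypmizl.exe Run entry and its hidden Brokxkwet folder cross the threshold; the Avira, Facebook and Sticky Notes entries do not, even though two of them trip one weak signal each. Folders such as Avbe or Daeds that ComboFix later removed slip past the name test, which is why the helper's cleanup does not rely on such scoring alone.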
11.06.2013, 21:44 | #10 |
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - online banking problems
Hello, Combofix has not quite caught everything yet. Let's help it along a bit:
Warning: Infostealer
Your logs show that you have caught malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.). Nobody can know exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this machine are known. I would therefore advise you, at the end of the cleanup or from a clean machine, to change all credentials that were used on this machine.
Step 1 Combofix script
Please post in your next reply:
__________________ cheers, Leo |
11.06.2013, 22:10 | #11 |
| Trojan TR/Spy.Banker.YF - online banking problems Combofix logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Carina 11.06.2013 22:57:52.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2935.1602 [GMT 2:00] ausgeführt von:: c:\users\Carina\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Carina\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Carina\AppData\Roaming\blckdom.res" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Carina\AppData\Roaming\Avbe c:\users\Carina\AppData\Roaming\Avbe\haid.lux c:\users\Carina\AppData\Roaming\blckdom.res c:\users\Carina\AppData\Roaming\Brokxkwet c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe c:\users\Carina\AppData\Roaming\Daeds c:\users\Carina\AppData\Roaming\Daeds\xiazu.uwd c:\users\Carina\AppData\Roaming\Evky c:\users\Carina\AppData\Roaming\Fahaf c:\users\Carina\AppData\Roaming\Faxtxt c:\users\Carina\AppData\Roaming\kock c:\users\Carina\AppData\Roaming\UAs c:\users\Carina\AppData\Roaming\UAs\_UAs001.dat c:\users\Carina\AppData\Roaming\Unywti c:\users\Carina\AppData\Roaming\Unywti\tocir.keu c:\users\Carina\AppData\Roaming\xmldm . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-11 bis 2013-06-11 )))))))))))))))))))))))))))))) . . 2013-06-11 21:07 . 2013-06-11 21:07 -------- d-----w- c:\users\Carina\AppData\Local\temp 2013-06-11 21:07 . 2013-06-11 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-11 05:37 . 2013-06-11 05:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\users\Carina\AppData\Roaming\Malwarebytes 2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\programdata\Malwarebytes 2013-06-10 20:29 . 
2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-10 20:29 . 2013-06-10 20:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-06-08 12:11 . 2013-06-08 12:11 -------- d-----w- c:\programdata\McAfee 2013-06-07 13:33 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FF692E1-87FF-4E5C-974C-F5279CBBA698}\mpengine.dll 2013-05-24 21:42 . 2013-05-24 21:42 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-24 12:27 . 2013-05-24 12:27 262552 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-22 13:41 . 2013-05-22 13:41 -------- d-----w- c:\users\Carina\Tracing 2013-05-22 13:41 . 2013-05-22 13:41 -------- d-----w- c:\program files\7-Zip 2013-05-22 13:40 . 2013-05-16 12:02 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-05-22 13:40 . 2013-05-16 12:02 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-05-22 13:40 . 2013-05-16 12:02 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-05-18 08:14 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-18 08:14 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-18 08:14 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-18 08:13 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-18 08:13 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-18 08:13 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-18 08:13 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-18 08:13 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 18:06 . 2012-07-14 16:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-16 18:06 . 
2011-09-05 16:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-14 09:54 . 2011-03-28 10:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-10 08:07 . 2013-05-10 08:08 66656 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-02 00:06 . 2010-06-28 23:04 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-18 08:14 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-18 08:14 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-27 16:14 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-01 12:28 . 2012-10-18 16:53 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-04-01 12:28 . 2012-10-18 16:53 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-04-01 12:28 . 2012-10-18 16:53 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-19 05:04 . 2013-04-14 09:35 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-14 09:35 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-14 09:35 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-14 09:35 69632 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-14 17:41 220632 ----a-w- c:\users\Carina\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710_1\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2012-10-24 17:19 2042528 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"="c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752] "Luxand Blink!"="c:\program files\Luxand\Blink!\LuxandBlinkTray.exe" [2010-10-18 7143224] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-10 345312] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe" /c . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480] R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-11 40776] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1343400] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-22 691696] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-01 37352] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2013-04-01 86752] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [2012-09-11 1034880] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco 
AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-23 118560] . . Inhalt des "geplante Tasks" Ordners . 2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 18:06] . 2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job - c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24] . 2013-06-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job - c:\users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-05 12:24] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56] . 2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-17 15:56] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000Core.job - c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02] . 2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3410650692-588603448-4288098186-1000UA.job - c:\users\Carina\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 01:02] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\gnlkn1dv.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Orphaned registry entries removed - - - -
.
HKCU-Run-puoomizl - c:\users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-11 23:09:16
ComboFix-quarantined-files.txt 2013-06-11 21:09
ComboFix2.txt 2013-06-11 20:18
.
Before scan: 11 directories, 267.271.864.320 bytes free
After scan: 12 directories, 267.241.570.304 bytes free
.
- - End Of File - - 072A8AD28CD9ADF393923EF75372ABE0 8A1C59E4DFEF87510470928550466632

So... is it finally gone? :-) Thanks already for all the effort and work. Do you actually have a donation account? :-)
Last edited by carina145 (11.06.2013 at 22:15) |
11.06.2013, 22:21 | #12 | ||
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - Online Banking Problems Quote:
But to be on the safe side we will do one more check-up pass. And we will also close the security holes that are still present, to prevent a mess like this in future. Quote:
Step 1
Step 2: ESET Online Scanner
Step 3: Please download SecurityCheck and:
Step 4: Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
11.06.2013, 22:57 | #13 |
| Trojan TR/Spy.Banker.YF - Online Banking Problems

Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.11.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
Carina :: CARINA-PC [Administrator]
11.06.2013 23:25:15
mbam-log-2013-06-11 (23-25-15).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211277
Laufzeit: 8 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

OTL Logfile:
========== < End of report > Das andere 2. Schritt lasse ich bis Morgen durchlaufen, dauert ewig. Dann lade ich es hoch. |
11.06.2013, 23:08 | #14 |
/// TB-Ausbilder | Trojan TR/Spy.Banker.YF - Online Banking Problems Quote:
__________________ cheers, Leo |
12.06.2013, 05:28 | #15 |
| Trojan TR/Spy.Banker.YF - Online Banking Problems

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d4c5ea0ec04f74db6f2eaa3d7e6d431
# engine=14051
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 09:56:29
# local_time=2013-06-11 11:56:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 7525 236411079 6199 0
# compatibility_mode=5893 16776573 100 94 3976 122618980 0 0
# scanned=6094
# found=0
# cleaned=0
# scan_time=1589

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d4c5ea0ec04f74db6f2eaa3d7e6d431
# engine=14051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-12 01:12:42
# local_time=2013-06-12 03:12:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 19298 236422852 17972 0
# compatibility_mode=5893 16776573 100 94 12866 122630753 0 0
# scanned=204313
# found=2
# cleaned=0
# scan_time=11619
sh=6B26A4D970F18E092529DD83D0BCBB3D6878F50F ft=1 fh=fad9acbae316756b vn="a variant of Win32/Kryptik.BDGS trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Carina\AppData\Roaming\videoqhmem.exe.vir"
sh=D653FD9C30414429B83C8138CCC8925D52CD7C71 ft=1 fh=c71c0011f81b4d9f vn="a variant of Win32/Injector.AHVN trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Carina\AppData\Roaming\Brokxkwet\twdnwypmizl.exe.vir" |