| |
| |||||||
Log-Analyse und Auswertung: Virus - TR/Injector.agfh - durch e-Mail eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.07.2013, 19:58
| #1 |
| |  Virus - TR/Injector.agfh - durch e-Mail eingefangen Hallo liebes Trojaner-Board, uns hat es auch erwischt. Mein Freund hat von einem Inkasso-Unternehmen eine E-Mail mit der Mahnung bekommen und hat versucht die angehängte Zip-Datei über meinen Laptop zu öffnen. Dann ging es los: der Laptop ist immer nach dem Start gleich abgestürzt und mein Freud hat Probleme mit Paypal und online-Banking bekommen. Er musste gestern sein Konto und Account sperren lassen und bei paypal wurde ihm gesagt, dass jemand aus dem Ausland versucht hat auf sein Account zuzugreifen. Zum Glück ist das denen nicht gelungen. Jetzt konnte ich gestern im abgesicherten Modus den PC endlich mal starten und System wiederherstellen. Habe danach gleich Avira-Scanner laufen lassen und der hat das hier gefunden: --> C:\Users\Tatjana\AppData\Local\Temp\vO4cNeHZ.zip.part [2] Archivtyp: ZIP --> 18.06.2013 Forderung fur Friedrich Kittner Inkasso Zooplus Shop GmbH.zip [3] Archivtyp: ZIP --> Mahnung an Friedrich Kittner von Inkasso Zooplus Shop GmbH 18.06.2013.com [FUND] Ist das Trojanische Pferd TR/Injector.agfh [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Tatjana\AppData\Local\Temp\vO4cNeHZ.zip.part [FUND] Ist das Trojanische Pferd TR/Injector.agfh Jetzt würde ich gerne wissen welche Schritte ich weiter machen soll um mein PC wieder sauber und sicher zu bekommen. Und hier sind die Logfiles: OTL: Code:
ATTFilter OTL logfile created on: 07.07.2013 21:04:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tatjana\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,96% Memory free 4,22 Gb Paging File | 2,99 Gb Available in Paging File | 70,81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 13,85 Gb Free Space | 18,59% Space Free | Partition Type: NTFS Drive E: | 73,06 Gb Total Space | 9,89 Gb Free Space | 13,54% Space Free | Partition Type: NTFS Computer Name: TATJANA-PC | User Name: Tatjana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.07 21:02:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe PRC - [2013.07.06 23:39:59 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.06 23:39:52 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.07.06 23:39:51 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.06 23:39:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.08 15:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2011.08.02 00:14:42 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.04.22 05:21:42 | 000,103,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe PRC - [2010.04.22 05:21:00 | 000,550,312 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe PRC - [2007.09.03 12:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2007.03.30 18:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\Windows\tsnpstd3.exe PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.13 10:29:40 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.09.27 04:00:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE PRC - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008.01.12 01:08:22 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll MOD - [2007.09.13 09:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2013.07.07 10:51:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.07.06 23:39:59 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.06 23:39:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.05.26 06:21:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.03.31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv) SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.03.30 17:18:11 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.03.30 17:18:11 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.03.30 17:18:11 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.03.11 22:44:06 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.22 03:25:26 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2009.12.01 22:17:42 | 000,579,712 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2009.12.01 22:17:06 | 000,543,744 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2009.09.28 10:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32) DRV - [2009.04.22 18:27:12 | 001,129,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.04.23 14:44:10 | 001,347,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\camdrv41.sys -- (camdrv41) DRV - [2007.04.13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) DRV - [2006.10.05 22:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2006.08.30 10:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter) DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {C542132D-BB49-42E4-A42D-8C4037B1451A} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2102572 IE - HKLM\..\SearchScopes\{C542132D-BB49-42E4-A42D-8C4037B1451A}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {C542132D-BB49-42E4-A42D-8C4037B1451A} IE - HKCU\..\SearchScopes\{2144CC6D-CF6D-4E91-9FC3-8E392DF3ACB0}: "URL" = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vendio&p={searchTerms} IE - HKCU\..\SearchScopes\{237FBBDA-CCCF-4DBD-98DC-54240CA101F0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3519590D-4F44-434E-93BB-F2BA9F8F8F94&apn_sauid=2F197BFF-10B6-449E-A9C4-3DEDCB7EB212 IE - HKCU\..\SearchScopes\{39509AB5-7B02-46EB-A0DD-376CA8FA72C1}: "URL" = hxxp://www.dealio.com/products.html?kwd={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2102572 IE - HKCU\..\SearchScopes\{C542132D-BB49-42E4-A42D-8C4037B1451A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledAddons: finder%40meingutscheincode.de:3.0.3 FF - prefs.js..extensions.enabledAddons: ru%40dictionaries.addons.mozilla.org:0.4.4.1 FF - prefs.js..extensions.enabledAddons: %7B79AB5E93-0AE2-4759-891A-3F1B322F9F9A%7D:1.0.0.0 FF - prefs.js..extensions.enabledAddons: %7B239cc760-75a9-4276-b1fc-c0ceb963f373%7D:1.1.8 FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.18.0.7 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8 FF - prefs.js..extensions.enabledItems: {79AB5E93-0AE2-4759-891A-3F1B322F9F9A}:1.0.0.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3519590D-4F44-434E-93BB-F2BA9F8F8F94&apn_ptnrs=U3&apn_sauid=2F197BFF-10B6-449E-A9C4-3DEDCB7EB212&apn_dtid=OSJ000YYDE&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5.0: C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}: C:\Program Files\Kartina.TV\VLC\npvlc.dll [2010.02.17 17:00:04 | 000,235,184 | ---- | M] (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 06:21:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 06:21:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.26 06:21:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.26 06:21:06 | 000,000,000 | ---D | M] [2008.09.09 12:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Extensions [2013.06.09 22:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions [2010.06.17 21:13:46 | 000,000,000 | ---D | M] (VLC Mozilla plugin) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A} [2013.02.08 21:32:30 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.02.22 22:51:37 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.06.01 10:19:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.12.06 01:27:47 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.05.11 22:07:05 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\engine@conduit.com [2012.06.17 15:06:56 | 000,000,000 | ---D | M] (Russian spellchecking dictionary) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\ru@dictionaries.addons.mozilla.org [2013.03.11 22:35:52 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Tatjana\AppData\Roaming\mozilla\Firefox\Profiles\7l1d02n1.default\extensions\toolbar@ask.com [2011.09.21 17:10:49 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\extensions\finder@meingutscheincode.de.xpi [2012.02.18 12:02:32 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.12.29 01:26:50 | 000,149,831 | ---- | M] () (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi [2013.06.09 22:06:55 | 000,281,668 | ---- | M] () (No name found) -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012.12.10 20:29:40 | 000,002,333 | ---- | M] () -- C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\searchplugins\askcom.xml [2013.05.26 06:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.05.26 06:21:00 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2013.05.26 06:21:01 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\toolbar@dealio.com [2013.05.26 06:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.05.26 06:21:20 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.07.07 19:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions [2013.07.07 19:56:50 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\updated\extensions\search@searchsettings.com [2013.07.07 19:56:51 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Programme\Mozilla Firefox\updated\extensions\toolbar@dealio.com [2013.07.07 19:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\browser\extensions [2013.07.07 19:57:12 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.04.22 04:50:28 | 000,124,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010.04.22 04:53:28 | 000,070,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010.04.22 04:54:14 | 000,091,560 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010.04.22 04:53:56 | 000,022,440 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010.04.22 05:17:06 | 000,406,944 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010.04.22 04:53:30 | 000,023,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2009.01.10 20:34:19 | 000,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - Extension: Docs = C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (DealioBHO Class) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Programme\Dealio\kb125\Dealio.dll (Vendio Services, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (no name) - {c9508125-4747-4733-b048-e4b82dc9716d} - No CLSID value found. O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb125\SearchSettings.dll (Vendio Services, Inc.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {c9508125-4747-4733-b048-e4b82dc9716d} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programme\Dealio\kb125\Dealio.dll (Vendio Services, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Dealio) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programme\Dealio\kb125\Dealio.dll (Vendio Services, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [los] los File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Tatjana\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found O9 - Extra Button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb125\Dealio.dll (Vendio Services, Inc.) O9 - Extra 'Tools' menuitem : Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Programme\Dealio\kb125\Dealio.dll (Vendio Services, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: myvoithithdh.com ([www] https in Trusted sites) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46ED818E-777C-46FA-BCE9-403AD1A52AA6}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 82.212.62.62 78.42.43.62 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Tatjana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.12.13 00:55:42 | 000,000,000 | ---D | M] - E:\Auto -- [ NTFS ] O33 - MountPoints2\{09e595cf-5017-11e1-9263-001b38a9bc57}\Shell - "" = AutoRun O33 - MountPoints2\{09e595cf-5017-11e1-9263-001b38a9bc57}\Shell\AutoRun\command - "" = Iomega Encryption Utility.exe O33 - MountPoints2\{5cf4ab39-c653-11de-bffc-001b38a9bc57}\Shell\AutoRun\command - "" = D:\A1\V1\try.exe O33 - MountPoints2\{5cf4ab39-c653-11de-bffc-001b38a9bc57}\Shell\open\command - "" = D:\A1\V1\try.exe O33 - MountPoints2\{975252e9-46e5-11dd-a92a-001b38a9bc57}\Shell\AutoRun\command - "" = D:\ O33 - MountPoints2\{975252e9-46e5-11dd-a92a-001b38a9bc57}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.07.07 21:02:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe [2013.07.07 19:31:11 | 000,000,000 | ---D | C] -- C:\Users\Tatjana\AppData\Roaming\Systweak [2013.07.07 19:31:10 | 000,018,776 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2013.07.07 19:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro [2013.07.07 19:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.07 21:08:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.07 21:02:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tatjana\Desktop\OTL.exe [2013.07.07 21:00:57 | 000,000,000 | ---- | M] () -- C:\Users\Tatjana\defogger_reenable [2013.07.07 20:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.07 19:44:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 19:44:16 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 19:31:26 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2013.07.07 19:31:23 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2013.07.07 19:31:08 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2013.07.07 15:08:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.07 11:51:51 | 000,628,992 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.07 11:51:51 | 000,594,746 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.07 11:51:51 | 000,102,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.07 11:51:50 | 000,126,510 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.07 11:44:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.07 10:51:14 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.07.07 10:51:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.07.07 10:33:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2013.07.06 23:25:40 | 000,001,356 | ---- | M] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.07 21:00:57 | 000,000,000 | ---- | C] () -- C:\Users\Tatjana\defogger_reenable [2013.07.07 19:31:26 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job [2013.07.07 19:31:23 | 000,000,276 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job [2013.07.07 19:31:08 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk [2013.04.24 23:25:42 | 000,000,137 | -H-- | C] () -- C:\Users\Tatjana\AppData\Roaming\lakerda1967.sys [2013.04.24 23:25:03 | 000,010,584 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\docXConverter (3).ini [2012.10.03 14:56:47 | 000,001,356 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\d3d9caps.dat [2012.02.05 22:21:41 | 000,024,880 | ---- | C] () -- C:\Windows\System32\drivers\OXUDIDRV_x32.sys [2011.09.13 00:05:12 | 000,049,511 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\mdbu.bin [2011.08.01 22:57:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.08.01 22:57:38 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.03.16 23:30:40 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2 [2011.02.19 12:52:05 | 000,004,096 | -H-- | C] () -- C:\Users\Tatjana\AppData\Local\keyfile3.drm [2010.09.02 23:24:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.11.08 23:49:15 | 000,000,017 | ---- | C] () -- C:\Users\Tatjana\AppData\Roaming\AVSDVDPlayer.m3u [2008.04.11 23:15:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.01.09 23:34:25 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2007.12.29 22:36:05 | 000,115,712 | ---- | C] () -- C:\Users\Tatjana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.29 20:04:29 | 000,000,016 | -H-- | C] () -- C:\Users\Tatjana\AppData\Local\mxfilerelatedcache.mxc2 [2007.12.29 20:04:28 | 000,000,016 | -H-- | C] () -- C:\Users\Tatjana\AppData\Roaming\mxfilerelatedcache.mxc2 [2007.12.29 20:04:27 | 000,000,016 | -H-- | C] () -- C:\Users\Tatjana\mxfilerelatedcache.mxc2 [2007.12.29 18:28:42 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.07.2013 21:04:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tatjana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,96% Memory free
4,22 Gb Paging File | 2,99 Gb Available in Paging File | 70,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,85 Gb Free Space | 18,59% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 9,89 Gb Free Space | 13,54% Space Free | Partition Type: NTFS
Computer Name: TATJANA-PC | User Name: Tatjana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1"
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{227E762E-CE72-4432-866E-CF566CEE4FA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{36F0BA77-A2F4-4411-84BF-49FAEB1A7BF7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C7CB293-3D83-4D07-8D07-645CC0FDCDC4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{599542C6-5FD9-4652-8248-7934C1AA7894}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5BE8FDC7-877D-42EC-8E94-A93B22CA1C51}" = rport=139 | protocol=6 | dir=out | app=system |
"{634417E3-D48F-48E4-AF6D-ECF4383CE40E}" = lport=445 | protocol=6 | dir=in | app=system |
"{884FA9D3-4273-446C-9B20-F2839390C7A6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B5EF2B91-86C7-497C-BC1A-703DCCC5BA38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C05D0378-3B07-4EF9-890C-245C866C56A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C201AE87-CFC4-48E5-B0AA-A4CFCF538DF0}" = lport=137 | protocol=17 | dir=in | app=system |
"{DDD0313A-0208-4270-A654-0068A5C3E88A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E0C31ED3-0E91-47BB-BB51-5A2B1FC8C643}" = rport=137 | protocol=17 | dir=out | app=system |
"{E80ECCC1-866C-4DB8-B8D1-E79C100C1C03}" = lport=139 | protocol=6 | dir=in | app=system |
"{EB169550-876E-4A14-9FCF-61B54BD18688}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F04DCAC7-82B8-464F-A9B8-DB64E482DEA6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2DACB7F-46F6-4FFD-8BF6-9F0BDC1602E9}" = lport=138 | protocol=17 | dir=in | app=system |
"{F48F0748-C73D-497E-BEA0-FD4E99F3A517}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD0A1DA7-A75A-4A92-8394-683006E1E479}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10FFB3A5-3058-4659-B413-873382B5331B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A1103EE-1E3D-441E-A820-B4EB420300D2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{418B21CF-FFB4-4AF4-9A3A-F60A8C4A8551}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{46D76E2E-B2C5-4325-90E7-82D9A93144F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4A4F36E7-D65A-40FC-968B-5E3E93D58823}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{7036B2D3-B088-42E6-B2AE-80D7DF1A1686}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75B3D065-23E5-48CB-A66E-8472D9BC9051}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0D3D5E3-57C4-4C22-8A60-1102F01EED9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B18404B1-67EB-402A-B7D0-F9EDB0C96033}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{B8E8751D-829E-44C6-8805-153E1C092E35}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{BE161041-8E43-4DFE-99EA-3216F69F05FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBE0C143-0D69-416C-9695-D2CC8C093AEF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DE237680-B012-4EFD-9A6D-30E4C1209CFF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E94D7FF0-9090-495B-914A-FC9ABF0A68FE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8E47D1D-8835-40B1-9E10-524981D0C649}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F9BE5998-17DB-4951-B502-95C5CAF742A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{7F568713-B0EF-492D-B045-28B9084E424A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{C107B37C-EF37-4307-9599-F4A3AB8F3124}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C4443A93-5079-4598-98D0-811852526B1A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{CB5CF07A-29B3-422C-9093-FDD372C18E7C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{F7816C0F-9C78-4520-A3F9-4E3DCC1E041D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{45937EAF-1111-4050-8C9C-D2BDF611DD2D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{5BDCC5A1-591C-4E87-8BD1-62F2FEE8E04D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6F7C85C4-A301-4F2B-B981-1D4F3B8D0DE8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{7484FE41-C656-45E1-8523-7F0C16970156}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{ACBAA83E-B3DD-4053-862A-61859DCAD0C3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{16E8BF9A-B419-4A44-A020-30F8CFB84B9D}" = Atheros Client Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2BC043B6-64A3-480B-8D7A-C6686671786C}" = Citrix Online Plug-in (USB)
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4937160D-9A3B-429C-A82E-645116A4EB17}" = VLC TV Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{585FF640-6605-4934-8F7B-D45133BB23F9}" = Iomega Encryption
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F9593C6-27DF-46E3-8CD7-0AA33BAFEDD8}" = Dealio Toolbar 3.2
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6353F7CF-B63D-4722-924E-19B2F6A94651}" = Citrix Online Plug-in (DV)
"{63BB6390-3AEB-45FC-9858-7740205B3E05}" = Citrix Online Plug-in (Web)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90529245-9C54-45B5-BBB3-B180CA04F248}" = Search Settings
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B991B020-2968-11D8-AF23-444553540000}_is1" = FreeMind
"{BC9914AE-D4E7-46EF-830A-F5A8F5AC41EA}" = Citrix Online Plug-in (HDX)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.57
"A6BCA7876CD547CFB5821019998F044515D81B74" = Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0)
"AD Sound Recorder_is1" = AD Sound Recorder 5.1.2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DIVXCodec" = nAVI Vx3 MPEG-4 Codec
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"docXConverter3_is1" = docXConverter 3.1.2
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FileZilla Client" = FileZilla Client 3.0.5.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lidl-Fotos_is1" = Lidl-Fotos
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.19.0 (D)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PDF4Free_is1" = PDF4Free 2.0
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PICVideo Codecs" = PICVideo Codecs
"RegClean Pro_is1" = RegClean Pro
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"setup" = setup (Remove only)
"The Best Movie Player_is1" = The Best Movie Player 1.56
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"Winamp3" = Winamp3 (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"XviD" = XviD-1.0-RC1 Video Codec 25012004 (Koepi's developer build)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 06.07.2013 17:32:52 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:38:53 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:39:18 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:39:27 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:39:58 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:41:06 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:41:42 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 06.07.2013 17:43:31 | Computer Name = Tatjana-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run()
für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0x73be57ba] Bitte Avira
informieren und die obige Datei übersenden!
Error - 07.07.2013 13:35:43 | Computer Name = Tatjana-PC | Source = VSS | ID = 8194
Description =
Error - 07.07.2013 15:04:38 | Computer Name = Tatjana-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel
0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306,
Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789, Prozess-ID 0x16ec, Anwendungsstartzeit
01ce7b35049d4633.
[ Media Center Events ]
Error - 04.04.2008 16:45:15 | Computer Name = Tatjana-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
Error - 09.04.2008 15:37:05 | Computer Name = Tatjana-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
Error - 25.09.2008 06:46:08 | Computer Name = Tatjana-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.
Error encountered while reading event logs.
< End of report >
Geändert von wegta (07.07.2013 um 20:41 Uhr) |
|
07.07.2013, 20:31
| #2 |
| /// the machine /// TB-Ausbilder    |  Virus - TR/Injector.agfh - durch e-Mail eingefangen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
08.07.2013, 06:45
| #3 |
| | Virus - TR/Injector.agfh - durch e-Mail eingefangen Guten Morgen,
__________________vielen Dank für die schnelle Antwort. Hier die gewünschten Logfiles: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Tatjana (administrator) on 08-07-2013 07:28:10
Running from C:\Users\Tatjana\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(SONIX) C:\Windows\tsnpstd3.exe
() C:\Windows\vsnpstd3.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBZE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [843776 2006-09-18] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [NPSStartup] [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103848 2010-04-22] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1644680 2013-02-08] (Ask)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-05-22] (Google Inc.)
HKCU\...\Run: [los] los [x]
HKCU\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2011-08-02] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S696D.tmp" /EF "HKCU" [120 2012-09-07] () <===== ATTENTION
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
MountPoints2: {09e595cf-5017-11e1-9263-001b38a9bc57} - Iomega Encryption Utility.exe
MountPoints2: {5cf4ab39-c653-11de-bffc-001b38a9bc57} - D:\A1\V1\try.exe
MountPoints2: {975252e9-46e5-11dd-a92a-001b38a9bc57} - D:\
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-05-22] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: (No Name) - {c9508125-4747-4733-b048-e4b82dc9716d} - No File
URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
HKLM SearchScopes: DefaultScope {C542132D-BB49-42E4-A42D-8C4037B1451A} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2102572
SearchScopes: HKLM - {C542132D-BB49-42E4-A42D-8C4037B1451A} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - {2144CC6D-CF6D-4E91-9FC3-8E392DF3ACB0} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vendio&p={searchTerms}
SearchScopes: HKCU - {237FBBDA-CCCF-4DBD-98DC-54240CA101F0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=3519590D-4F44-434E-93BB-F2BA9F8F8F94&apn_sauid=2F197BFF-10B6-449E-A9C4-3DEDCB7EB212
SearchScopes: HKCU - {39509AB5-7B02-46EB-A0DD-376CA8FA72C1} URL = hxxp://www.dealio.com/products.html?kwd={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2102572
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll (Vendio Services, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
BHO: No Name - {c9508125-4747-4733-b048-e4b82dc9716d} - No File
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
BHO: No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll (Vendio Services, Inc.)
Toolbar: HKLM - Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll (Vendio Services, Inc.)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKLM - No Name - {c9508125-4747-4733-b048-e4b82dc9716d} - No File
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU -Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll (Vendio Services, Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU -No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU -No Name - {C9508125-4747-4733-B048-E4B82DC9716D} - No File
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default
FF user.js: detected! => C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\user.js
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3519590D-4F44-434E-93BB-F2BA9F8F8F94&apn_ptnrs=U3&apn_sauid=2F197BFF-10B6-449E-A9C4-3DEDCB7EB212&apn_dtid=OSJ000YYDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5.0 - C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Conduit Engine - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\engine@conduit.com
FF Extension: Russian spellchecking dictionary - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\ru@dictionaries.addons.mozilla.org
FF Extension: Ask Toolbar - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\toolbar@ask.com
FF Extension: VLC Mozilla plugin - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}
FF Extension: DVDVideoSoftTB Community Toolbar - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: DownloadHelper - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: finder - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: Search Settings Plugin - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
FF Extension: Dealio Toolbar Plugin - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}] C:\Program Files\Kartina.TV\VLC\npvlc.dll
FF Extension: No Name - C:\Program Files\Kartina.TV\VLC\npvlc.dll
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 gupdate1c95be91277ba91; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-05] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-04-23] ()
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-11] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [579712 2009-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [543744 2009-12-01] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]
U3 kglirfow; \??\C:\Users\Tatjana\AppData\Local\Temp\kglirfow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:25 - 2013-07-08 07:26 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-07 22:00 - 2013-07-07 22:00 - 00001115 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:00 - 2013-07-07 21:01 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:31 - 2013-07-07 19:31 - 00000276 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-07-07 19:31 - 2013-07-07 19:31 - 00000268 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-07-07 19:31 - 2013-07-07 19:31 - 00000000 ____D C:\Users\Tatjana\AppData\Roaming\Systweak
2013-07-07 19:31 - 2013-07-07 19:31 - 00000000 ____D C:\Program Files\RegClean Pro
2013-07-07 19:31 - 2013-05-23 18:39 - 00018776 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
==================== One Month Modified Files and Folders ========
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:26 - 2013-07-08 07:25 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:24 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 07:24 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 07:22 - 2007-12-28 13:57 - 01879958 ____A C:\Windows\WindowsUpdate.log
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-08 07:08 - 2009-07-01 10:36 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 06:51 - 2012-04-02 22:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 22:00 - 2013-07-07 22:00 - 00001115 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:21 - 2013-05-26 06:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 21:21 - 2012-05-06 15:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:01 - 2013-07-07 21:00 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 21:00 - 2007-12-28 15:30 - 00000000 ____D C:\users\Tatjana
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:31 - 2013-07-07 19:31 - 00000276 ____A C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-07-07 19:31 - 2013-07-07 19:31 - 00000268 ____A C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-07-07 19:31 - 2013-07-07 19:31 - 00000000 ____D C:\Users\Tatjana\AppData\Roaming\Systweak
2013-07-07 19:31 - 2013-07-07 19:31 - 00000000 ____D C:\Program Files\RegClean Pro
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
2013-07-07 15:08 - 2009-07-01 10:36 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 11:51 - 2006-11-02 12:33 - 01445352 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 11:44 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 10:51 - 2012-04-02 22:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-07-07 10:51 - 2011-05-23 22:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-07-07 10:33 - 2009-02-21 23:53 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-07-06 23:50 - 2006-11-02 15:01 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 23:31 - 2012-09-04 22:29 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-06 23:31 - 2008-06-26 01:14 - 00000000 ____D C:\users\Gast
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\spool
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-07-06 23:31 - 2006-11-02 12:22 - 47972352 ____A C:\Windows\System32\config\components_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 46399488 ____A C:\Windows\System32\config\software_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 35389440 ____A C:\Windows\System32\config\system_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-07-06 23:25 - 2012-10-03 14:56 - 00001356 ____A C:\Users\Tatjana\AppData\Local\d3d9caps.dat
2013-06-10 21:49 - 2009-03-05 16:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-08 00:22
==================== End Of Log ============================
--- --- --- Und Additional Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-07-2013
Ran by Tatjana at 2013-07-08 07:29:14
Running from C:\Users\Tatjana\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
7-Zip 4.57
AAVUpdateManager (Version: 18.00.0000)
AD Sound Recorder 5.1.2
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
ALPS Touch Pad Driver (Version: 7.0.301.4)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoStudio 5.5
ArcSoft ShowBiz (Version: )
Ask Toolbar (Version: 1.15.15.0)
Ask Toolbar Updater (HKCU Version: 1.2.4.36191)
Atheros Client Utility (Version: 7.7)
Atheros Driver Installation Program (Version: 7.7)
Avira Free Antivirus (Version: 13.0.0.3737)
AVS DVD Player version 2.4
AVS4YOU Software Navigator 1.2
Bluetooth Stack for Windows by Toshiba (Version: v5.10.06(T))
Bonjour (Version: 3.0.0.10)
Canon MP510 Benutzerregistrierung
CD/DVD Drive Acoustic Silencer (Version: 2.00.02)
CDBurnerXP (Version: 4.5.1.4003)
Cisco EAP-FAST Module (Version: 2.2.10)
Cisco LEAP Module (Version: 1.0.16)
Cisco PEAP Module (Version: 1.1.3)
Citrix Online Plug-in - Web (Version: 11.2.38.1)
Citrix Online Plug-in (DV) (Version: 11.2.38.1)
Citrix Online Plug-in (HDX) (Version: 11.2.38.1)
Citrix Online Plug-in (USB) (Version: 11.2.38.1)
Citrix Online Plug-in (Web) (Version: 11.2.38.1)
Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001)
CutePDF Writer 2.7
CyberLink YouCam (Version: 2.0.2604)
Dealio Toolbar 3.2
Direct Show Ogg Vorbis Filter (remove only)
dm Fotowelt
dm-Fotowelt
docXConverter 3.1.2 (Version: 3.1.2)
DVD MovieFactory for TOSHIBA (Version: 5.3)
DVDVideoSoftTB Toolbar (Version: )
Emdedded IR Driver (Version: 0.0.0.6C)
EPSON-Drucker-Software
FileZilla Client 3.0.5.2 (Version: 3.0.5.2)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.9.33
FreeMind (Version: 0.7.1)
Google Chrome (Version: 27.0.1453.116)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Iomega Encryption (Version: 1.00.0009)
iTunes (Version: 11.0.3.42)
Java 2 Runtime Environment, SE v1.4.2_07 (Version: 1.4.2_07)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
JavaFX 2.1.1 (Version: 2.1.1)
Lidl-Fotos
MAGIX Xtreme Foto Designer 6 6.0.19.0 (D) (Version: 6.0.19.0)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XML Parser (Version: 8.0.7820.0)
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox 22.0 (x86 de) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSN Toolbar (Version: 3.0.744.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
nAVI Vx3 MPEG-4 Codec
Nero BurnLite 10 (Version: 10.0.10500.5.100)
Nero BurnLite 10 (Version: 10.0.10600)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
neroxml (Version: 1.0.0)
Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37)
PC Connectivity Solution (Version: 8.15.0.0)
PDF4Free 2.0
PHPNukeDE Toolbar (Version: )
PICVideo Codecs
QuickTime (Version: 7.74.80.86)
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5477)
RegClean Pro (Version: 6.21)
RemoteComms External Disk Access (Version: 1.25.0003)
SAMSUNG Mobile Composite Device Software
Samsung Mobile Modem Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Mobile Device Software
SamsungConnectivityCableDriver (Version: 6.83.6.2.1)
Search Settings
setup (Remove only)
Skype Toolbars (Version: 5.0.4126)
Skype™ 5.0 (Version: 5.0.152)
Steuer-Spar-Erklärung 2010 (Version: 15.14)
Steuer-Spar-Erklärung 2011 (Version: 16.16)
Steuer-Spar-Erklärung 2012 (Version: 17.11)
Steuer-Spar-Erklärung 2013 (Version: 18.09)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 1.23.0000)
The Best Movie Player 1.56
TIPCI (Version: 1.23.0000)
TOSHIBA Assist (Version: 2.01.02)
TOSHIBA ConfigFree (Version: 7.00.32)
TOSHIBA Disc Creator (Version: 2.0.0.8)
TOSHIBA DVD PLAYER (Version: 1.10.13)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Flash Cards Support Utility (Version: 1.48.0.3C)
TOSHIBA Hardware Setup (Version: 1.48.0.11C)
Toshiba Online Product Information (Version: 1.00.0012)
TOSHIBA SD Memory Utilities (Version: 1.8.1.1)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Supervisor Password (Version: 1.48.0.8C)
TOSHIBA Supervisorkennwort (Version: 1.48.0.8C)
TOSHIBA Value Added Package (Version: 1.0.28)
Ulead Photo Express 6
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
USB PC Camera Plus (Version: 5.21.1.000)
USB Video/Audio Device Driver (Version: 1.00.0000)
Utility Common Driver (Version: 0.0.1.1C)
VLC media player 1.1.8 (Version: 1.1.8)
VLC TV Player (Version: 1.0.5.0)
Winamp3 (remove only)
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe (Version: 9.00.3374)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) (Version: 04/27/2007 9.0.0.0)
Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0)
WinRAR
XviD-1.0-RC1 Video Codec 25012004 (Koepi's developer build)
==================== Restore Points =========================
07-07-2013 11:19:52 Geplanter Prüfpunkt
07-07-2013 17:35:44 RegClean Pro So, Jul 07, 13 19:35
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0C1B0322-0AF9-4D1C-B4F4-2FB8DEBA2A81} - System32\Tasks\{C00BC9E2-68BE-4863-85C6-BEB651090619} => C:\Program Files\Skype\Phone\Skype.exe [2010-10-11] (Skype Technologies S.A.)
Task: {0F2E7EA0-2917-476A-83AA-986A2DECABC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-07] (Adobe Systems Incorporated)
Task: {1A1627A1-9597-4AB9-9586-D3BDAF2C0476} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-05] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D1414A2-781D-4413-B43D-A7D54F2C3986} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-19] (Microsoft Corp.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3C5268C2-1056-4664-A889-4ED04FFBA0D2} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Tatjana => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {4135B5EC-B7B1-4988-82B8-79387DB31623} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {44A1ED32-70D4-4948-B35B-6817ED38DE66} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {47426A7D-1F81-4BEE-A9B3-5F52BB4149FF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {53764138-972B-4E8F-BE59-3E3D1B3C2AE1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-19] (Microsoft Corporation)
Task: {56BECC93-877B-460D-9FC2-28964418937F} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {5B157DEB-9C16-43B0-9897-560365AFB9E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-05] (Google Inc.)
Task: {7ECE0A5F-C021-4B56-BFC8-9FF141327C24} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-23] (Systweak Inc)
Task: {8570BA4D-6619-47B6-8CBB-DCA94A3D1177} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-23] (Systweak Inc)
Task: {9216D997-716E-4B62-B210-4EE5EB05F8F3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-02-08] ()
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-19] (Microsoft Corporation)
Task: {C4D9501B-D82F-49EB-B295-5989BE53EFA2} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-14] (Google)
Task: {CC7904EC-79BD-4A44-8708-C4F661387677} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {D7D62815-2414-4E57-B7DD-6089A8244332} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-05-23] (Systweak Inc)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/07/2013 10:08:53 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (07/07/2013 09:04:38 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 21.0.0.4879, Zeitstempel 0x518ec3cc, fehlerhaftes Modul xul.dll, Version 21.0.0.4879, Zeitstempel 0x518ec306, Ausnahmecode 0xc0000005, Fehleroffset 0x001c9789,
Prozess-ID 0x16ec, Anwendungsstartzeit firefox.exe0.
Error: (07/07/2013 07:35:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {09c0801b-0645-47ee-b82d-fdb7c9f0a9ac}
Error: (07/06/2013 11:43:31 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run() für die Datei
unknown.
[ACCESS_VIOLATION Exception!! EIP = 0x73be57ba]
Bitte Avira informieren und die obige Datei übersenden!
Error: (07/06/2013 11:41:42 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
Error: (07/06/2013 11:41:06 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
Error: (07/06/2013 11:39:58 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
Error: (07/06/2013 11:39:27 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
Error: (07/06/2013 11:39:18 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
Error: (07/06/2013 11:38:53 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf!
Fehlercode: 0x35
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (07/07/2013 10:08:53 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (07/07/2013 09:04:38 PM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978916ec01ce7b35049d4633
Error: (07/07/2013 07:35:43 PM) (Source: VSS)(User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {09c0801b-0645-47ee-b82d-fdb7c9f0a9ac}
Error: (07/06/2013 11:43:31 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: unknownACCESS_VIOLATION0x73be57baIThread(ProtocolSrvConThread)::run()
Error: (07/06/2013 11:41:42 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
Error: (07/06/2013 11:41:06 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
Error: (07/06/2013 11:39:58 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
Error: (07/06/2013 11:39:27 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
Error: (07/06/2013 11:39:18 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
Error: (07/06/2013 11:38:53 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x35
==================== Memory info ===========================
Percentage of memory in use: 69%
Total physical RAM: 2037.69 MB
Available physical RAM: 618.16 MB
Total Pagefile: 4318.62 MB
Available Pagefile: 2490.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.18 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:74.52 GB) (Free:13.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:73.06 GB) (Free:9.89 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 9A18B4B6)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
08.07.2013, 08:16
| #4 | |
| /// the machine /// TB-Ausbilder | Virus - TR/Injector.agfh - durch e-Mail eingefangenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.07.2013, 19:57
| #5 |
| | Virus - TR/Injector.agfh - durch e-Mail eingefangen Hallo schrauber, anbei die nächste Logdatei: Code:
ATTFilter ComboFix 13-07-08.03 - Tatjana 08.07.2013 20:27:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.972 [GMT 2:00]
ausgeführt von:: c:\users\Tatjana\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\kb125\res\ErrorPageTemplate.css
c:\program files\Search Settings\kb125\res\help.gif
c:\program files\Search Settings\kb125\res\pixel.gif
c:\program files\Search Settings\kb125\res\tab_icon.png
c:\program files\Search Settings\kb125\res\tabdata.js
c:\program files\Search Settings\kb125\res\tablib.js
c:\program files\Search Settings\kb125\res\tabwelcome_en.html
c:\program files\Search Settings\kb125\res\toolbar_background.gif
c:\program files\Search Settings\kb125\res\vista_directions.png
c:\program files\Search Settings\kb125\res\xp_directions.png
c:\program files\Search Settings\kb125\res\yahoo_search.gif
c:\program files\Search Settings\kb125\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Tatjana\AppData\Local\Microsoft\Windows\Temporary Internet Files\mxfilerelatedcache.mxc2
c:\users\Tatjana\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Tatjana\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-08 bis 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 05:27 . 2013-07-08 05:27 -------- d-----w- C:\FRST
2013-07-07 17:31 . 2013-07-07 17:31 -------- d-----w- c:\users\Tatjana\AppData\Roaming\Systweak
2013-07-07 17:31 . 2013-05-23 16:39 18776 ----a-w- c:\windows\system32\roboot.exe
2013-07-07 17:31 . 2013-07-07 17:31 -------- d-----w- c:\program files\RegClean Pro
2013-07-06 22:59 . 2013-07-06 22:59 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ECECF73-24C2-4234-9C8B-9FDB5189E595}\offreg.dll
2013-07-06 22:20 . 2013-06-17 00:10 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ECECF73-24C2-4234-9C8B-9FDB5189E595}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 08:51 . 2012-04-02 20:40 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-07 08:51 . 2011-05-23 20:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2009-10-02 18:32 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-24 21:31 . 2013-04-24 21:25 137 ---ha-w- c:\users\Tatjana\AppData\Roaming\lakerda1967.sys
2010-04-22 02:50 . 2013-05-26 04:21 124320 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-04-22 02:55 . 2013-05-26 04:21 13216 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-04-22 02:53 . 2013-05-26 04:21 70568 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-04-22 02:54 . 2013-05-26 04:21 91560 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-04-22 02:53 . 2013-05-26 04:21 22440 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-04-22 02:51 . 2013-05-26 04:21 255392 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-04-22 02:54 . 2013-05-26 04:21 31144 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-04-22 02:55 . 2013-05-26 04:21 40360 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-22 01:25 . 2013-05-26 04:21 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-04-22 02:53 . 2013-05-26 04:21 23976 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 09:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"los"="los" [X]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-22 68856]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2011-08-01 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"NDSTray.exe"="NDSTray.exe" [BU]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"UCam_Menu"="c:\program files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-04-22 103848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-07-06 345144]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-06 21:36 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:51]
.
2013-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 20:50]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 13:09]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 13:09]
.
2013-07-08 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-07-07 16:39]
.
2013-07-08 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-07-07 16:39]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Compare Prices with &Dealio - c:\users\Tatjana\AppData\LocalLow\Dealio\kb125\res\DealioSearch.html
IE: Free YouTube to MP3 Converter - c:\users\Tatjana\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myvoithithdh.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=3519590D-4F44-434E-93BB-F2BA9F8F8F94&apn_ptnrs=U3&apn_sauid=2F197BFF-10B6-449E-A9C4-3DEDCB7EB212&apn_dtid=OSJ000YYDE&&q=
FF - ExtSQL: !HIDDEN! 2009-09-07 14:46; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
BHO-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
Toolbar-{c9508125-4747-4733-b048-e4b82dc9716d} - (no file)
WebBrowser-{C9508125-4747-4733-B048-E4B82DC9716D} - (no file)
HKLM-Run-NPSStartup - (no file)
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-DIVXCodec - c:\windows\rundll.exe
AddRemove-dm Fotowelt - c:\program files\dm\dm Fotowelt\uninstall.exe
AddRemove-setup - c:\windows\rundll32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-07-08 20:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????F????8???`????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3774781745-2175987653-290612643-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*cÛl4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-07-08 20:40:04
ComboFix-quarantined-files.txt 2013-07-08 18:40
.
Vor Suchlauf: 8 Verzeichnis(se), 18.341.896.192 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 18.928.508.928 Bytes frei
.
- - End Of File - - 13221F506AD246F39D6A84E203C515A7
5C616939100B85E558DA92B899A0FC36
Danke und Gruß wegta |
|
08.07.2013, 21:23
| #6 |
| /// the machine /// TB-Ausbilder | Virus - TR/Injector.agfh - durch e-Mail eingefangen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST Log bitte.
__________________ --> Virus - TR/Injector.agfh - durch e-Mail eingefangen |
|
08.07.2013, 21:50
| #7 |
| | Virus - TR/Injector.agfh - durch e-Mail eingefangen hier schon mal logfile von AdwCleaner Code:
ATTFilter # AdwCleaner v2.304 - Datei am 08/07/2013 um 22:42:12 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tatjana - TATJANA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tatjana\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\search@searchsettings.com
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_DEFAULT.job
Datei Gelöscht : C:\Windows\Tasks\RegClean Pro_UPDATES.job
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Dealio
Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files\PHPNukeDE
Ordner Gelöscht : C:\Program Files\RegClean Pro
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dealio
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Dealio
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Tatjana\AppData\Local\APN
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\Dealio
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\PHPNukeDE
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Tatjana\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Conduit
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\ConduitEngine
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\CT2269050
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\extensions\engine@conduit.com
Ordner Gelöscht : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PHPNukeDE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Dealio
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\compare prices with &dealio
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PHPNukeDE Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{164CCE7E-A495-4CC8-B133-155CAE7253A8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F0D88DE-F699-4FB8-8D1D-EA4D1B52B15C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5699601A-A38F-4D45-B510-A34273A7459B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{164CCE7E-A495-4CC8-B133-155CAE7253A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4F0D88DE-F699-4FB8-8D1D-EA4D1B52B15C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5699601A-A38F-4D45-B510-A34273A7459B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C00A371-2011-4AF3-97C8-6CE66AA744CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F038672-0425-4792-BC9C-36DE3308E8AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Dealio.DealioToolbarHelper.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03C390E8-B836-4B82-8D56-1BFDDC06AE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2C4470A2-E099-4B9E-ABFE-BBA56D046AFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{391769AE-D8EC-45EC-967D-F5120456E514}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{39AEF150-C270-4690-AE7D-955E51BC8960}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3EDDA953-1C3B-4823-8F25-D075FBB2D2B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B67A4CBA-520A-43DB-B03F-414E539F90EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CD73B1AB-3403-4E47-B196-517C57BE76A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4C1E5902-FE99-4591-8582-2A2605462857}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Dealio
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4E85-B315-07E2E70DECF8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5699601A-A38F-4D45-B510-A34273A7459B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PHPNukeDE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : HKLM\Software\PHPNukeDE
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C9508125-4747-4733-B048-E4B82DC9716D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v22.0 (de)
Datei : C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\prefs.js
C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT1460988.CTID", "CT1668860");
Gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
Gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "8-7-2013");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Sat Jul 06 2013 23:46:07 GMT+0200");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Feb 23 2011 22:09:40 GMT+0100");
Gelöscht : user_pref("CT2269050.FirstServerDate", "24-2-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Feb 23 2011 22:09:40 GMT+0100");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Mon Jul 08 2013 07:22:15 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Wed Feb 23 2011 22:09:50 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Fri May 04 2012 04:48:34 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 22:34:23 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Sun Jul 01 2012 20:56:02 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Sat Aug 25 2012 18:31:16 GMT+0200");
Gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Sat Dec 15 2012 22:04:23 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Feb 08 2013 17:11:41 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Sun Dec 30 2012 22:56:11 GMT+0100");
Gelöscht : user_pref("CT2269050.LastLogin_3.18.0.7", "Mon Jul 08 2013 20:19:54 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Wed Feb 23 2011 22:09:42 GMT+0100");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Mon Jul 08 2013 07:22:13 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Mon Jul 08 2013 07:22:15 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Mon Jul 08 2013 20:19:51 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1373274061");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Feb 23 2011 22:09:35 GMT+0100");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2269050.UserID", "UN82933339169339759");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 1);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Feb 23 2011 22:09:44 GMT+0100");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050ads1", "25374225323261647325323225334125354225374225323[...]
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050current_term", "");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.ct2269050sdate", "2D31");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.initDone", true);
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2269050.testingCtid", "");
Gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Mon Jul 08 2013 07:22:15 GMT+0200");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"944[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050,ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 11 2011 22:08:20 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 24 2011 20:16:17 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jul 25 2011 21:08:12 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "dee0b63d-bbed-43d4-9465-fa2a358313ec");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "0d70cbab-82cb-4ac4-b3ba-3e4b69832986");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 17 2011 22:16:56 GMT+0200");
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jul 24 2011 20:16:11 GMT+0200");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "05/11/2011 23");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Wed May 11 2011 22:08:26 GMT+0200");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jul 25 2011 21:08:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jul 25 2011 21:08:13 GMT+0200");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jul 25 2011 21:08:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.UserID", "UN61243109880384779");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jul 25 2011 21:08:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 21:08:15 GMT+0200");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_u[...]
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\5hbuwwa1.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [32143 octets] - [08/07/2013 22:42:13]
########## EOF - C:\AdwCleaner[S1].txt - [32204 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.7 (07.08.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Tatjana on 08.07.2013 at 22:53:09,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{237FBBDA-CCCF-4DBD-98DC-54240CA101F0}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Tatjana\AppData\Roaming\systweak"
~~~ FireFox
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"
Successfully deleted the following from C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\prefs.js
user_pref("extensions.speeddial.thumbnail-5-icon", "data:image/x-icon;base64,AAABAAIAEBAAAAEACABoBQAAJgAAABAQAAABACAAaAQAAI4FAAAoAAAAEAAAACAAAAABAAgAAAAAAEABAAAAAAAAAAAAAAABAA
user_pref("extensions.speeddial.thumbnail-9-icon", "data:image/vnd.microsoft.icon;base64,AAABAAEAICAAAAEAGACoDAAAFgAAACgAAAAgAAAAQAAAAAEAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADlxb
Emptied folder: C:\Users\Tatjana\AppData\Roaming\mozilla\firefox\profiles\7l1d02n1.default\minidumps [45 files]
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2013 at 22:55:42,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Tatjana (administrator) on 08-07-2013 23:01:09
Running from C:\Users\Tatjana\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(SONIX) C:\Windows\tsnpstd3.exe
() C:\Windows\vsnpstd3.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [843776 2006-09-18] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103848 2010-04-22] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-05-22] (Google Inc.)
HKCU\...\Run: [los] los [x]
HKCU\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2011-08-02] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-05-22] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {C542132D-BB49-42E4-A42D-8C4037B1451A} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - {2144CC6D-CF6D-4E91-9FC3-8E392DF3ACB0} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vendio&p={searchTerms}
SearchScopes: HKCU - {39509AB5-7B02-46EB-A0DD-376CA8FA72C1} URL = hxxp://www.dealio.com/products.html?kwd={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default
FF Homepage: hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5.0 - C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Russian spellchecking dictionary - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\ru@dictionaries.addons.mozilla.org
FF Extension: VLC Mozilla plugin - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}
FF Extension: DownloadHelper - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: finder - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: Dealio Toolbar Plugin - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}] C:\Program Files\Kartina.TV\VLC\npvlc.dll
FF Extension: No Name - C:\Program Files\Kartina.TV\VLC\npvlc.dll
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 gupdate1c95be91277ba91; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-05] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-04-23] ()
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-11] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [579712 2009-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [543744 2009-12-01] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Tatjana\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-08 22:55 - 2013-07-08 22:55 - 00001994 ____A C:\Users\Tatjana\Desktop\JRT.txt
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\JRT
2013-07-08 22:42 - 2013-07-08 22:42 - 00032274 ____A C:\AdwCleaner[S1].txt
2013-07-08 22:40 - 2013-07-08 22:40 - 00650027 ____A C:\Users\Tatjana\Downloads\adwcleaner.exe
2013-07-08 22:40 - 2013-07-08 22:40 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Tatjana\Downloads\JRT.exe
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\Users\Tatjana\Desktop\Combofix.txt
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\ComboFix.txt
2013-07-08 20:25 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 20:25 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 20:25 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 20:24 - 2013-07-08 20:40 - 00000000 ____D C:\Qoobox
2013-07-08 20:24 - 2013-07-08 20:40 - 00000000 ____D C:\ComboFix
2013-07-08 20:24 - 2013-07-08 20:38 - 00000000 ____D C:\Windows\erdnt
2013-07-08 20:21 - 2013-07-08 20:20 - 05086946 ____A (Swearware) C:\Users\Tatjana\Desktop\ComboFix.exe
2013-07-08 20:20 - 2013-07-08 20:20 - 05086946 ____R (Swearware) C:\Users\Tatjana\Downloads\ComboFix.exe
2013-07-08 07:29 - 2013-07-08 07:29 - 00029588 ____A C:\Users\Tatjana\Desktop\FRST.txt
2013-07-08 07:29 - 2013-07-08 07:29 - 00017309 ____A C:\Users\Tatjana\Desktop\Addition.txt
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:25 - 2013-07-08 07:26 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-07 22:00 - 2013-07-08 22:41 - 00001093 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:00 - 2013-07-07 21:01 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
==================== One Month Modified Files and Folders ========
2013-07-08 22:55 - 2013-07-08 22:55 - 00001994 ____A C:\Users\Tatjana\Desktop\JRT.txt
2013-07-08 22:53 - 2007-12-28 13:57 - 01952127 ____A C:\Windows\WindowsUpdate.log
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\JRT
2013-07-08 22:51 - 2012-04-02 22:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-08 22:51 - 2006-11-02 12:33 - 01445352 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-08 22:46 - 2009-07-01 10:36 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-08 22:46 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-08 22:46 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 22:46 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 22:45 - 2006-11-02 15:01 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-08 22:42 - 2013-07-08 22:42 - 00032274 ____A C:\AdwCleaner[S1].txt
2013-07-08 22:42 - 2011-02-22 22:50 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-08 22:41 - 2013-07-07 22:00 - 00001093 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-08 22:40 - 2013-07-08 22:40 - 00650027 ____A C:\Users\Tatjana\Downloads\adwcleaner.exe
2013-07-08 22:40 - 2013-07-08 22:40 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Tatjana\Downloads\JRT.exe
2013-07-08 22:08 - 2009-07-01 10:36 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-08 20:46 - 2009-03-01 13:29 - 00166386 ____A C:\Windows\PFRO.log
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\Users\Tatjana\Desktop\Combofix.txt
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\ComboFix.txt
2013-07-08 20:40 - 2013-07-08 20:24 - 00000000 ____D C:\Qoobox
2013-07-08 20:40 - 2013-07-08 20:24 - 00000000 ____D C:\ComboFix
2013-07-08 20:40 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-07-08 20:40 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-07-08 20:38 - 2013-07-08 20:24 - 00000000 ____D C:\Windows\erdnt
2013-07-08 20:37 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-07-08 20:20 - 2013-07-08 20:21 - 05086946 ____A (Swearware) C:\Users\Tatjana\Desktop\ComboFix.exe
2013-07-08 20:20 - 2013-07-08 20:20 - 05086946 ____R (Swearware) C:\Users\Tatjana\Downloads\ComboFix.exe
2013-07-08 20:03 - 2012-05-06 15:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 07:29 - 2013-07-08 07:29 - 00029588 ____A C:\Users\Tatjana\Desktop\FRST.txt
2013-07-08 07:29 - 2013-07-08 07:29 - 00017309 ____A C:\Users\Tatjana\Desktop\Addition.txt
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:26 - 2013-07-08 07:25 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:21 - 2013-05-26 06:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:01 - 2013-07-07 21:00 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 21:00 - 2007-12-28 15:30 - 00000000 ____D C:\users\Tatjana
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
2013-07-07 10:51 - 2012-04-02 22:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-07-07 10:51 - 2011-05-23 22:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-07-07 10:33 - 2009-02-21 23:53 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-07-06 23:31 - 2012-09-04 22:29 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-06 23:31 - 2008-06-26 01:14 - 00000000 ____D C:\users\Gast
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\spool
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-07-06 23:31 - 2006-11-02 12:22 - 47972352 ____A C:\Windows\System32\config\components_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 46399488 ____A C:\Windows\System32\config\software_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 35389440 ____A C:\Windows\System32\config\system_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-07-06 23:25 - 2012-10-03 14:56 - 00001356 ____A C:\Users\Tatjana\AppData\Local\d3d9caps.dat
2013-06-10 21:49 - 2009-03-05 16:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-08 22:55
==================== End Of Log ============================
--- --- --- --- --- --- DANKE!!! |
|
09.07.2013, 07:08
| #8 |
| /// the machine /// TB-Ausbilder | Virus - TR/Injector.agfh - durch e-Mail eingefangen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [los] los [x]
SearchScopes: HKCU - {39509AB5-7B02-46EB-A0DD-376CA8FA72C1} URL = hxxp://www.dealio.com/products.html?kwd={searchTerms}
C:\ProgramData\ezsid.dat
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 19:59
| #9 |
| | Virus - TR/Injector.agfh - durch e-Mail eingefangen Hallo schrauber, ich mache weiter  Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Tatjana at 2013-07-09 20:55:27 Run:1
Running from C:\Users\Tatjana\Downloads
Boot Mode: Normal
==============================================
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\los => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39509AB5-7B02-46EB-A0DD-376CA8FA72C1} => Key deleted successfully.
HKCR\CLSID\{39509AB5-7B02-46EB-A0DD-376CA8FA72C1} => Key not found.
C:\ProgramData\ezsid.dat => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=548ad9f6d83f294fa6ae6358833cd198
# engine=14334
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-09 09:37:38
# local_time=2013-07-09 11:37:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 9871 144077163 2609 0
# compatibility_mode=5892 16776574 100 100 254277 210938586 0 0
# scanned=289584
# found=0
# cleaned=0
# scan_time=9032
Code:
ATTFilter Results of screen317's Security Check version 0.99.68
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 17
Java(TM) SE Runtime Environment 6
Java 2 Runtime Environment, SE v1.4.2_07
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
system32 FirewallControlPanel.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013 (ATTENTION: FRST version is 6 days old)
Ran by Tatjana (administrator) on 10-07-2013 00:10:38
Running from C:\Users\Tatjana\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(SONIX) C:\Windows\tsnpstd3.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() C:\Windows\vsnpstd3.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Users\Tatjana\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [174872 2007-02-12] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [180224 2006-09-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe [262144 2007-03-30] (SONIX)
HKLM\...\Run: [snpstd3] C:\Windows\vsnpstd3.exe [843776 2006-09-18] ()
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [103848 2010-04-22] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-11] (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [413696 2006-11-13] (TOSHIBA)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-05-22] (Google Inc.)
HKCU\...\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2011-08-02] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2006-11-13] (TOSHIBA)
HKU\Gast\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-05-22] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {C542132D-BB49-42E4-A42D-8C4037B1451A} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
SearchScopes: HKCU - {2144CC6D-CF6D-4E91-9FC3-8E392DF3ACB0} URL = hxxp://search.yahoo.com/search?ei=utf-8&fr=vmn&type=vendio&p={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default
FF Homepage: hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.0.5.0 - C:\Program Files\Kartina.TV\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Deutsches Wörterbuch - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Russian spellchecking dictionary - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\ru@dictionaries.addons.mozilla.org
FF Extension: VLC Mozilla plugin - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}
FF Extension: DownloadHelper - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: finder - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi
FF Extension: No Name - C:\Users\Tatjana\AppData\Roaming\Mozilla\Firefox\Profiles\7l1d02n1.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: Dealio Toolbar Plugin - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{79AB5E93-0AE2-4759-891A-3F1B322F9F9A}] C:\Program Files\Kartina.TV\VLC\npvlc.dll
FF Extension: No Name - C:\Program Files\Kartina.TV\VLC\npvlc.dll
Chrome:
=======
CHR Extension: (Docs) - C:\Users\Tatjana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-07-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-06] (Avira Operations GmbH & Co. KG)
S2 gupdate1c95be91277ba91; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-05] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 camdrv41; C:\Windows\System32\DRIVERS\camdrv41.sys [1347584 2007-04-23] ()
S4 CplIR; C:\Windows\system32\DRIVERS\CplIR.SYS [14848 2007-03-06] (COMPAL ELECTRONIC INC.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-07-28] (COMPAL ELECTRONIC INC.)
S3 OXSDIDRV_x32; C:\Windows\System32\DRIVERS\OXSDIDRV_x32.sys [52656 2009-09-28] ()
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10246144 2007-04-13] (Sonix Co. Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-11] (Avira GmbH)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [579712 2009-12-01] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [543744 2009-12-01] (eMPIA Technology, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Tatjana\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath
S3 TpChoice; system32\DRIVERS\TpChoice.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-09 21:01 - 2013-07-09 21:01 - 00890988 ____A C:\Users\Tatjana\Downloads\SecurityCheck.exe
2013-07-08 23:59 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-07-08 23:59 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-07-08 23:59 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-07-08 23:59 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-07-08 23:59 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-07-08 23:59 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-07-08 23:59 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-07-08 23:59 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-07-08 23:59 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-07-08 23:59 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-07-08 23:59 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-07-08 23:59 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-07-08 23:59 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-07-08 23:59 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-07-08 23:59 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-07-08 23:59 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-07-08 22:55 - 2013-07-08 22:55 - 00001994 ____A C:\Users\Tatjana\Desktop\JRT.txt
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\JRT
2013-07-08 22:42 - 2013-07-08 22:42 - 00032274 ____A C:\AdwCleaner[S1].txt
2013-07-08 22:40 - 2013-07-08 22:40 - 00650027 ____A C:\Users\Tatjana\Downloads\adwcleaner.exe
2013-07-08 22:40 - 2013-07-08 22:40 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Tatjana\Downloads\JRT.exe
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\Users\Tatjana\Desktop\Combofix.txt
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\ComboFix.txt
2013-07-08 20:25 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-08 20:25 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-08 20:25 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-08 20:25 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-08 20:24 - 2013-07-08 20:40 - 00000000 ____D C:\Qoobox
2013-07-08 20:24 - 2013-07-08 20:40 - 00000000 ____D C:\ComboFix
2013-07-08 20:24 - 2013-07-08 20:38 - 00000000 ____D C:\Windows\erdnt
2013-07-08 20:21 - 2013-07-08 20:20 - 05086946 ____A (Swearware) C:\Users\Tatjana\Desktop\ComboFix.exe
2013-07-08 20:20 - 2013-07-08 20:20 - 05086946 ____R (Swearware) C:\Users\Tatjana\Downloads\ComboFix.exe
2013-07-08 07:29 - 2013-07-08 07:29 - 00029588 ____A C:\Users\Tatjana\Desktop\FRST.txt
2013-07-08 07:29 - 2013-07-08 07:29 - 00017309 ____A C:\Users\Tatjana\Desktop\Addition.txt
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:25 - 2013-07-08 07:26 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-07 22:00 - 2013-07-09 21:00 - 00001387 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:00 - 2013-07-07 21:01 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
2013-07-07 00:18 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-07-07 00:17 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-07-07 00:17 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-07-07 00:17 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-07-07 00:17 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-07-07 00:17 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-07-07 00:17 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-07-07 00:17 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-07-07 00:17 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-07-07 00:17 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-07-07 00:17 - 2013-04-15 16:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-07-07 00:17 - 2013-04-13 12:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-07-07 00:17 - 2013-03-09 05:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-07-07 00:17 - 2013-03-09 03:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-07-07 00:17 - 2013-03-03 21:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-07-07 00:17 - 2012-11-08 05:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-07-07 00:16 - 2013-04-17 14:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-07-07 00:16 - 2013-04-09 03:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-07-07 00:16 - 2013-03-08 05:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-07-07 00:16 - 2013-03-08 05:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-07 00:16 - 2013-02-12 03:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
==================== One Month Modified Files and Folders ========
2013-07-10 00:08 - 2009-07-01 10:36 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 23:51 - 2012-04-02 22:40 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 23:37 - 2007-12-28 13:57 - 01423299 ____A C:\Windows\WindowsUpdate.log
2013-07-09 22:45 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 22:45 - 2006-11-02 14:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 21:28 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-09 21:04 - 2006-11-02 12:33 - 01445352 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 21:02 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-07-09 21:01 - 2013-07-09 21:01 - 00890988 ____A C:\Users\Tatjana\Downloads\SecurityCheck.exe
2013-07-09 21:00 - 2013-07-07 22:00 - 00001387 ____A C:\Users\Tatjana\Desktop\anleitung.txt
2013-07-09 20:45 - 2009-07-01 10:36 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 20:45 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 06:48 - 2006-11-02 15:01 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-09 06:37 - 2006-11-02 14:47 - 00285752 ____A C:\Windows\System32\FNTCACHE.DAT
2013-07-09 06:33 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-07-08 22:55 - 2013-07-08 22:55 - 00001994 ____A C:\Users\Tatjana\Desktop\JRT.txt
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\Windows\ERUNT
2013-07-08 22:52 - 2013-07-08 22:52 - 00000000 ____D C:\JRT
2013-07-08 22:42 - 2013-07-08 22:42 - 00032274 ____A C:\AdwCleaner[S1].txt
2013-07-08 22:42 - 2011-02-22 22:50 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-07-08 22:40 - 2013-07-08 22:40 - 00650027 ____A C:\Users\Tatjana\Downloads\adwcleaner.exe
2013-07-08 22:40 - 2013-07-08 22:40 - 00547139 ____A (Oleg N. Scherbakov) C:\Users\Tatjana\Downloads\JRT.exe
2013-07-08 20:46 - 2009-03-01 13:29 - 00166386 ____A C:\Windows\PFRO.log
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\Users\Tatjana\Desktop\Combofix.txt
2013-07-08 20:40 - 2013-07-08 20:40 - 00013602 ____A C:\ComboFix.txt
2013-07-08 20:40 - 2013-07-08 20:24 - 00000000 ____D C:\Qoobox
2013-07-08 20:40 - 2013-07-08 20:24 - 00000000 ____D C:\ComboFix
2013-07-08 20:40 - 2006-11-02 13:18 - 00000000 __RHD C:\users\Default
2013-07-08 20:40 - 2006-11-02 13:18 - 00000000 ___RD C:\users\Public
2013-07-08 20:38 - 2013-07-08 20:24 - 00000000 ____D C:\Windows\erdnt
2013-07-08 20:37 - 2006-11-02 12:23 - 00000215 ____A C:\Windows\system.ini
2013-07-08 20:20 - 2013-07-08 20:21 - 05086946 ____A (Swearware) C:\Users\Tatjana\Desktop\ComboFix.exe
2013-07-08 20:20 - 2013-07-08 20:20 - 05086946 ____R (Swearware) C:\Users\Tatjana\Downloads\ComboFix.exe
2013-07-08 20:03 - 2012-05-06 15:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 07:29 - 2013-07-08 07:29 - 00029588 ____A C:\Users\Tatjana\Desktop\FRST.txt
2013-07-08 07:29 - 2013-07-08 07:29 - 00017309 ____A C:\Users\Tatjana\Desktop\Addition.txt
2013-07-08 07:27 - 2013-07-08 07:27 - 00000000 ____D C:\FRST
2013-07-08 07:26 - 2013-07-08 07:25 - 01373373 ____A (Farbar) C:\Users\Tatjana\Downloads\FRST.exe
2013-07-08 07:19 - 2013-07-08 07:19 - 00001501 ____A C:\Users\Tatjana\Desktop\Gmer.txt
2013-07-08 07:18 - 2013-07-08 07:18 - 00001501 ____A C:\Users\Tatjana\Downloads\Gmer.txt
2013-07-07 21:47 - 2013-07-07 21:47 - 00377856 ____A C:\Users\Tatjana\Downloads\gmer_2.1.19163.exe
2013-07-07 21:21 - 2013-05-26 06:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 21:19 - 2013-07-07 21:19 - 00049940 ____A C:\Users\Tatjana\Desktop\Extras.Txt
2013-07-07 21:16 - 2013-07-07 21:16 - 00088444 ____A C:\Users\Tatjana\Desktop\OTL.Txt
2013-07-07 21:02 - 2013-07-07 21:02 - 00602112 ____A (OldTimer Tools) C:\Users\Tatjana\Desktop\OTL.exe
2013-07-07 21:01 - 2013-07-07 21:00 - 00000476 ____A C:\Users\Tatjana\Downloads\defogger_disable.log
2013-07-07 21:00 - 2013-07-07 21:00 - 00050477 ____A C:\Users\Tatjana\Downloads\Defogger.exe
2013-07-07 21:00 - 2013-07-07 21:00 - 00000000 ____A C:\Users\Tatjana\defogger_reenable
2013-07-07 21:00 - 2007-12-28 15:30 - 00000000 ____D C:\users\Tatjana
2013-07-07 19:32 - 2013-07-07 19:32 - 00028328 ____A C:\Users\Tatjana\Desktop\AVSCAN-20130706-235619-EDF1C301.LOG
2013-07-07 19:31 - 2013-07-07 19:31 - 00000858 ____A C:\Users\Public\Desktop\RegClean Pro.lnk
2013-07-07 19:30 - 2013-07-07 19:30 - 03758488 ____A (Systweak Inc ) C:\Users\Tatjana\Downloads\rcpsetup_3335_ggde1.exe
2013-07-07 10:51 - 2012-04-02 22:40 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-07-07 10:51 - 2011-05-23 22:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-07-07 10:33 - 2009-02-21 23:53 - 00001052 ____A C:\Windows\Tasks\Google Software Updater.job
2013-07-06 23:31 - 2012-09-04 22:29 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-06 23:31 - 2008-06-26 01:14 - 00000000 ____D C:\users\Gast
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\spool
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-07-06 23:31 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\registration
2013-07-06 23:31 - 2006-11-02 12:22 - 47972352 ____A C:\Windows\System32\config\components_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 46399488 ____A C:\Windows\System32\config\software_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 35389440 ____A C:\Windows\System32\config\system_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-07-06 23:31 - 2006-11-02 12:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-07-06 23:25 - 2012-10-03 14:56 - 00001356 ____A C:\Users\Tatjana\AppData\Local\d3d9caps.dat
2013-06-10 21:49 - 2009-03-05 16:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-09 20:51
==================== End Of Log ============================
--- --- --- Hoffentlich geschafft? Wie schlimm war es denn? Danke dir für deine Hilfe!
__________________ Gruß und  wegta |
|
10.07.2013, 08:10
| #10 |
| /// the machine /// TB-Ausbilder | Virus - TR/Injector.agfh - durch e-Mail eingefangen Java und Adobe bitte updaten. War en haufen Adware KRam drauf. Fertig  Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.07.2013, 22:21
| #11 |
| | Virus - TR/Injector.agfh - durch e-Mail eingefangen Hallo schrauber, bin jetzt mit allem durch und alles upgedatet. Jetzt muss mein PC wieder sicher sein :-) Vielen lieben Dank für deine Hilfe! War echt toll! 
__________________ Gruß und wegta |
|
12.07.2013, 10:48
| #12 |
| /// the machine /// TB-Ausbilder | Virus - TR/Injector.agfh - durch e-Mail eingefangen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Virus - TR/Injector.agfh - durch e-Mail eingefangen |
| 7-zip, abgesicherten, appdata, archiv, archive, canon, dateien, e-banking, e-mail, eingefangen, freund, gen, infizierte, install.exe, konto, laptop, modus, online-banking, paypal, pferd, plug-in, probleme, regclean, start, starten, system, temp, tr/injector.agfh, trojanische, trojanische pferd, virus, warnung |
Linear-Darstellung
