Postbank banking trojan + logfiles (Windows 7)
17.10.2013, 14:31 | #1
Postbank banking trojan + logfiles

Hello, for a few days now I have been getting this message when I try to log in to Postbank (regardless of which browser). After checking with Postbank support, it is a trojan. An AntiVir boot CD has already been run; it detected two files as suspicious and deleted them. Unfortunately I have no further information. Attached you will find the log files, and I hope you can help me!
Attachment 61206
Attachment 61207
Attachment 61208
Many thanks!
Regards, Steffen
17.10.2013, 14:47 | #2
/// TB-Ausbilder | Postbank banking trojan + logfiles

Hello Steffen,

please run an FRST scan: download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties).
17.10.2013, 15:23 | #3
Postbank banking trojan + logfiles

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by USER at 2013-10-17 16:11:10
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
8500A909_eDocs (Version: 1.00.0000)
8500A909_Help (Version: 1.00.0000)
8500A909g (Version: 50.0.165.000)
Acronis*True*Image*Home 2011 (Version: 14.0.5105)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8)
ALLMESS Datenschieber V2.0
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Application Profiles (Version: 2.0.3904.33816)
ATI AVIVO Codecs (Version: 11.6.0.50825)
ATI Catalyst Install Manager (Version: 3.0.790.0)
Attachmate EXTRA! X-treme 8 (Version: 8.0.0.0000)
BPD_DSWizards (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.0825.2146.37182)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0825.2146.37182)
Catalyst Control Center InstallProxy (Version: 2010.0825.2146.37182)
Catalyst Control Center Localization All (Version: 2010.0825.2146.37182)
CCC Help Chinese Standard (Version: 2010.0825.2145.37182)
CCC Help Chinese Traditional (Version: 2010.0825.2145.37182)
CCC Help Czech (Version: 2010.0825.2145.37182)
CCC Help Danish (Version: 2010.0825.2145.37182)
CCC Help Dutch (Version: 2010.0825.2145.37182)
CCC Help English (Version: 2010.0825.2145.37182)
CCC Help Finnish (Version: 2010.0825.2145.37182)
CCC Help French (Version: 2010.0825.2145.37182)
CCC Help German (Version: 2010.0825.2145.37182)
CCC Help Greek (Version: 2010.0825.2145.37182)
CCC Help Hungarian (Version: 2010.0825.2145.37182)
CCC Help Italian (Version: 2010.0825.2145.37182)
CCC Help Japanese (Version: 2010.0825.2145.37182)
CCC Help Korean (Version: 2010.0825.2145.37182)
CCC Help Norwegian (Version: 2010.0825.2145.37182)
CCC Help Polish (Version: 2010.0825.2145.37182)
CCC Help Portuguese (Version: 2010.0825.2145.37182)
CCC Help Russian (Version: 2010.0825.2145.37182)
CCC Help Spanish (Version: 2010.0825.2145.37182)
CCC Help Swedish (Version: 2010.0825.2145.37182)
CCC Help Thai (Version: 2010.0825.2145.37182)
CCC Help Turkish (Version: 2010.0825.2145.37182)
ccc-core-static (Version: 2010.0825.2146.37182)
ccc-utility (Version: 2010.0825.2146.37182)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
d.velop d3client
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
ElsterFormular (Version: 12.4.0.7094u)
ElsterFormular (Version: 13.0.0.8086u)
Fax (Version: 130.0.418.000)
FoxTab PDF Creator
Google Chrome (HKCU Version: 30.0.1599.101)
Google Earth (Version: 6.0.1.2032)
GPBaseService2 (Version: 130.0.371.000)
GPL Ghostscript 9.01
HP Customer Participation Program 13.0 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Hilfe (Version: 140.0.2.2)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPDiagnosticCoreDll (Version: 1.0.3.0)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
HydraVision (Version: 4.2.180.0)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
IrfanView (remove only) (Version: 4.28)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 6.9.0 (Full) (Version: 6.9.0)
MarketResearch (Version: 130.0.374.000)
Marketsplash Schnellzugriffe (Version: 1.0.1.7)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft IntelliType Pro 8.0 (Version: 8.0.225.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MPM (Version: 1.00.0000)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 130.0.579.000)
Nokia Connectivity Cable Driver (Version: 7.1.41.0)
Nokia Ovi Suite (Version: 3.1.0.91)
Nokia Ovi Suite Software Updater (Version: 02.07.004.45780)
Nokia PC Suite (Version: 7.1.60.0)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Officejet Pro 8500 A909 Series (Version: 13.0)
Ovi Desktop Sync Engine (Version: 1.5.257.0)
OviMPlatform (Version: 2.7.66.0)
PandaPDFConverter
PC Connectivity Solution (Version: 11.4.16.0)
PDF Architect (Version: 1.1.83.9982)
PDFCreator (Version: 1.7.1)
ProductContext (Version: 50.0.165.000)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.6037)
RedMon - Redirection Port Monitor
SAMSUNG USB Driver for Mobile Phones (Version: 1.2.1050.0)
Scan (Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 130.0.469.000)
Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten (Version: 22.50.231.0)
TeamViewer 6 (Version: 6.0.10194)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Updater Service (Version: 14,1,1,3)
VideoPerformer
VLC media player 1.1.7 (Version: 1.1.7)
wc3270 3.3.9ga12
WebReg (Version: 130.0.132.017)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone Intro Video (DEU) (Version: 04.07.0975.00)
Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.8) (Version: 06/09/2010 7.01.0.8)
Windows-Treiberpaket - Nokia Modem (10/07/2010 4.6) (Version: 10/07/2010 4.6)
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
WinRAR
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

26-09-2013 10:02:29 Windows Update
30-09-2013 05:35:12 Windows Update
04-10-2013 05:57:57 Windows Update
07-10-2013 06:09:10 Windows Update
09-10-2013 08:46:23 Removed Iminent Toolbar For Internet Explorer
09-10-2013 08:49:20 TuneUp Utilities 2013 wird entfernt
09-10-2013 08:50:07 TuneUp Utilities Language Pack (de-DE) wird entfernt
09-10-2013 08:51:18 Removed Update Manager for SweetPacks 1.1
09-10-2013 08:51:38 Removed Internet Explorer Toolbar 4.6 by SweetPacks
10-10-2013 07:08:31 Windows Update
10-10-2013 11:27:48 Windows Update
14-10-2013 05:32:05 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2CDB7326-A693-4F5B-A25A-EBA5C4878D95} - System32\Tasks\{255ECFDD-36B4-41D6-A9DB-E6AF83605435} => C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe [2007-04-03] (Cisco Systems, Inc.)
Task: {34AA2591-82D8-4E05-A880-CD97100A3C69} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {424D2EC8-99E3-494C-A0B9-5AD1B04F5F29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28] (Google Inc.)
Task: {45094B04-6B55-48B7-B6A6-9C693D34E107} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-05-10] (Hewlett-Packard)
Task: {58F8EC73-E379-4C76-96CD-C3D2D47665CE} - System32\Tasks\{46CBB05C-4E3F-4C12-9C1C-16707AC72524} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2013-07-18] (Microsoft Corporation)
Task: {62526F9F-D75B-4A5C-9602-997904D96A13} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {73DE71E4-B8D5-4F63-9840-78E85AF79B59} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {81A9AFD5-1B32-444D-801F-112326D6F9BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28] (Google Inc.)
Task: {C9F82DAB-C68B-4AB0-96D7-DF1598C31744} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {CA48C66E-0697-4BAB-9860-6A391C4C9CA3} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {DA02DDF5-E11D-4DAD-9A54-26C4FAA39DCE} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {F40433A8-1D75-46FB-BF27-CAE579905536} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {FA37B234-C174-4397-A326-1F45B747350C} - System32\Tasks\Google Updater and Installer => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA.job => C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-02-28 14:15 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2010-08-04 16:58 - 2010-08-04 16:58 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 22:44 - 2010-08-25 22:44 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2007-08-08 11:37 - 2007-08-08 11:37 - 00056320 _____ () C:\Program Files\d.velop\d3client\isock32.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 08166912 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtGui4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 02282496 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtCore4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00913920 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtNetwork4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00026624 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00196608 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00340480 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtXml4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 02246656 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 01288192 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtScript4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00190464 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtSql4.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 02551296 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
2011-05-20 16:29 - 2011-05-20 16:29 - 00924672 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\Maps Service API.dll
2005-07-20 11:48 - 2005-07-20 11:48 - 00059904 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\zlib1.dll
2011-05-20 16:29 - 2011-05-20 16:29 - 00422800 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\ssoengine.dll
2011-05-20 16:29 - 2011-05-20 16:29 - 00060816 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\securestorage.dll
2011-05-20 16:29 - 2011-05-20 16:29 - 00387976 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\OviShareLib.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00266752 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\phonon4.dll
2011-05-20 16:30 - 2011-05-20 16:30 - 00508416 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 00676864 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
2011-05-20 16:28 - 2011-05-20 16:28 - 00687616 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
2011-05-20 16:54 - 2011-05-20 16:54 - 10837504 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\QtWebKit4.dll
2011-05-20 16:30 - 2011-05-20 16:30 - 00109568 _____ () C:\Program Files\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
2011-02-28 17:22 - 1996-12-03 00:00 - 03661072 _____ () C:\Windows\system32\mso97rt.dll
2011-03-03 12:00 - 2013-10-09 16:45 - 09489408 _____ () C:\Users\USER\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2013-09-03 15:53 - 2013-09-03 15:53 - 00305520 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll
2012-07-27 22:51 - 2012-07-27 22:51 - 06549432 _____ () C:\Program Files\Adobe\Reader 10.0\Reader\authplay.dll
2011-03-03 14:16 - 2013-10-09 16:45 - 03065856 _____ () C:\Users\USER\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2011-04-20 06:55 - 2013-10-09 16:45 - 00023040 _____ () C:\Users\USER\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SendMail.DEU
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-03-03 14:51 - 2013-10-09 17:32 - 00014336 _____ () C:\Users\USER\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2010-12-21 02:15 - 2010-12-21 02:15 - 01041248 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:B801D4E2

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: OCT Inc. USB Serial Converter
Description: OCT Inc. USB Serial Converter
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2013 02:50:33 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d37
ID des fehlerhaften Prozesses: 0x1cc0
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (10/17/2013 02:46:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d94
ID des fehlerhaften Prozesses: 0x1ed8
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3

Error: (10/17/2013 08:10:57 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023293
ID des fehlerhaften Prozesses: 0xc10
Startzeit der fehlerhaften Anwendung: 0xMSACCESS.EXE0
Pfad der fehlerhaften Anwendung: MSACCESS.EXE1
Pfad des fehlerhaften Moduls: MSACCESS.EXE2
Berichtskennung: MSACCESS.EXE3

Error: (10/17/2013 07:50:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x518e80fd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005d032
ID des fehlerhaften Prozesses: 0x1074
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (10/16/2013 04:17:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023293
ID des fehlerhaften Prozesses: 0x11dc
Startzeit der fehlerhaften Anwendung: 0xMSACCESS.EXE0
Pfad der fehlerhaften Anwendung: MSACCESS.EXE1
Pfad des fehlerhaften Moduls: MSACCESS.EXE2
Berichtskennung: MSACCESS.EXE3

Error: (10/16/2013 03:28:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x518e80fd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005d032
ID des fehlerhaften Prozesses: 0xf6c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (10/15/2013 06:10:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Name des fehlerhaften Moduls: MSACCESS.EXE, Version: 8.0.0.3512, Zeitstempel: 0x328951b3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00023293
ID des fehlerhaften Prozesses: 0x13b8
Startzeit der fehlerhaften Anwendung: 0xMSACCESS.EXE0
Pfad der fehlerhaften Anwendung: MSACCESS.EXE1
Pfad des fehlerhaften Moduls: MSACCESS.EXE2
Berichtskennung: MSACCESS.EXE3

Error: (10/15/2013 03:39:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/15/2013 03:39:58 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/15/2013 03:39:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/16/2013 03:28:40 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (10/15/2013 06:54:15 AM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/14/2013 04:18:50 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/14/2013 09:23:09 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (10/10/2013 08:07:33 AM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion: 
Vorherige Signaturversion: 1.159.1589.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.2.0223.00
Quellpfad: 4.2.0223.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (10/09/2013 05:42:26 PM) (Source: DCOM) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/09/2013 04:52:15 PM) (Source: Microsoft Antimalware) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion: 
Vorherige Signaturversion: 1.159.1589.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.2.0223.00
Quellpfad: 4.2.0223.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (10/09/2013 00:22:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13

Error: (10/09/2013 00:22:08 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1115

Error: (10/09/2013 00:20:42 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (10/17/2013 02:50:33 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.1.7601.18247521ea91cc000000500052d371cc001cecb36ec3fb1c9C:\Users\USER\Desktop\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dllb5a7b139-372a-11e3-967c-20cf30e64d7a

Error: (10/17/2013 02:46:12 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.1.7601.18247521ea91cc000000500052d941ed801cecb353727573cC:\Users\USER\Desktop\aswMBR.exeC:\Windows\SYSTEM32\ntdll.dll19ba668e-372a-11e3-967c-20cf30e64d7a

Error: (10/17/2013 08:10:57 AM) (Source: Application Error)(User: )
Description: MSACCESS.EXE8.0.0.3512328951b3MSACCESS.EXE8.0.0.3512328951b3c000000500023293c1001cecafd15ec4217C:\RKES\OFFICE\MSACCESS.EXEC:\RKES\OFFICE\MSACCESS.EXEe2e3aa64-36f2-11e3-967c-20cf30e64d7a

Error: (10/17/2013 07:50:23 AM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001518e80fdntdll.dll6.1.7601.18247521ea91cc00000050005d032107401cecafcc43b4c52C:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dll030f01d4-36f0-11e3-967c-20cf30e64d7a

Error: (10/16/2013 04:17:46 PM) (Source: Application Error)(User: )
Description: MSACCESS.EXE8.0.0.3512328951b3MSACCESS.EXE8.0.0.3512328951b3c00000050002329311dc01ceca74c82c5406C:\RKES\OFFICE\MSACCESS.EXEC:\RKES\OFFICE\MSACCESS.EXEba071a37-366d-11e3-9c3b-20cf30e64d7a

Error: (10/16/2013 03:28:07 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001518e80fdntdll.dll6.1.7601.18247521ea91cc00000050005d032f6c01ceca738327511fC:\Program Files\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dllca55e271-3666-11e3-9c3b-20cf30e64d7a

Error: (10/15/2013 06:10:32 PM) (Source: Application Error)(User: )
Description: MSACCESS.EXE8.0.0.3512328951b3MSACCESS.EXE8.0.0.3512328951b3c00000050002329313b801cec9a731a69150C:\RKES\OFFICE\MSACCESS.EXEC:\RKES\OFFICE\MSACCESS.EXE50ec3f19-35b4-11e3-961a-20cf30e64d7a

Error: (10/15/2013 03:39:58 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\ati technologies\hydravision\HydraMD64.exe

Error: (10/15/2013 03:39:58 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\ati technologies\hydravision\HydraDM64.exe

Error: (10/15/2013 03:39:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\ati technologies\hydravision\Grid64.exe

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 3550.05 MB
Available physical RAM: 1812.86 MB
Total Pagefile: 7098.4 MB
Available Pagefile: 5199.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.32 MB

==================== Drives ================================

Drive c: (system) (Fixed) (Total:195.21 GB) (Free:89.72 GB) NTFS
Drive d: (Archiv & Sicherungen) (Fixed) (Total:195.31 GB) (Free:194.92 GB) NTFS
Drive f: (Daten) (Fixed) (Total:540.89 GB) (Free:539.91 GB) NTFS
Drive i: (HDDRIVE2GO) (Fixed) (Total:335.27 GB) (Free:248.21 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2635F9C6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=541 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 335 GB) (Disk ID: BC1B019C)
Partition 1: (Not Active) - (Size=335 GB) - (Type=0C)

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013 Ran by USER (administrator) on USER-PC on 17-10-2013 16:06:48 Running from C:\Users\USER\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe () C:\ProgramData\IBUpdaterService\ibsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (d.velop) C:\Program Files\d.velop\d3client\d3login.exe (Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) C:\RKES\OFFICE\MSACCESS.EXE (Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe (d.velop) C:\Program Files\d.velop\d3client\dwatch.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) c:\users\user\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1778064 2010-07-21] (Microsoft Corporation) HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis) HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] () HKLM\...\Run: [packvusrv] - C:\Program Files\Windows NT\packvusrv.lnk [664 2013-10-07] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer\Run: [20845] - c:\progra~2\dxmjpgk.exe No File HKCU\...\Run: [D3LOGIN] - C:\Program Files\d.velop\d3client\d3login.exe [351744 2007-08-08] (d.velop) HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [724536 2011-05-20] (Nokia) HKCU\...\Run: [] - [x] HKCU\...\Run: [Google Update] - C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-28] (Google Inc.) 
HKCU\...\Run: [{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE}] - C:\Users\USER\AppData\Roaming\Keas\mahesy.exe [181973 2011-12-18] () HKCU\...\Policies\Explorer: [HideSCAHealth] 1 MountPoints2: {f755a338-b53b-11e1-9234-20cf30e64d7a} - H:\LaunchU3.exe -a AppInit_DLLs: [ ] () Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E44D156D8FDCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=331128&systemid=426&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=331128&systemid=426&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=331128&systemid=426&sr=0&q={searchTerms} SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=5a60516d00000000000020cf30e64d7a SearchScopes: HKCU - 
{6D127035-96CD-4429-A754-10E49E69E54D} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc= SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://www.searchqu.com/web?src=ieb&appid=175&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2426} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=331128&systemid=426&sr=0&q={searchTerms} SearchScopes: HKCU - {BC91B570-6A28-40AD-9D58-39713D19E700} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541545952027901 BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default FF Homepage: hxxp://www.msn.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF Extension: Thunderbird Address 
Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Users\USER\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (FileConverter 1.3) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.20.1.508_0 CHR Extension: (SweetIM for Facebook) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (SweetPacks Chrome Extension) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0 CHR HKLM\...\Chrome\Extension: [engeblojhfeingnjnfpiceofljnjpldp] - C:\Users\USER\AppData\Local\CRE\engeblojhfeingnjnfpiceofljnjpldp.crx CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx CHR StartMenuInternet: Google Chrome - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [779944 2010-08-21] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2011-03-03] (Acronis) R2 CVPND; 
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.) R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [396216 2012-05-18] () R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.) 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R1 MpKslf90b867f; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F19F7838-67E9-47D4-B628-B748A49A020B}\MpKslf90b867f.sys [40392 2013-10-17] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-03] (Microsoft Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project) S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] U3 aswMBR; \??\C:\Users\USER\AppData\Local\Temp\aswMBR.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-17 16:05 - 2013-10-17 16:05 - 01087213 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe 2013-10-10 09:14 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-10 09:14 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 
00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-10 09:14 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-10 09:14 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 09:03 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-10 09:03 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-10 09:03 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-10 09:03 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-10 09:03 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-10 09:03 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-10 09:03 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-10 09:03 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-10 09:03 - 2013-08-29 03:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 2013-10-10 09:03 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-10 09:03 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-10 09:03 - 2013-08-01 13:03 - 00729024 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-10 09:03 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 09:03 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-10 09:03 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-10 09:03 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-10 09:03 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-10 09:03 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-10 09:03 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-10 09:03 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-10 09:03 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-10 09:02 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-10 09:02 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 11:20 - 2013-10-09 11:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 
00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups 2013-10-09 10:57 - 2013-10-09 10:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\USER\Downloads\hijackthis.exe 2013-10-09 10:21 - 2013-10-09 10:24 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto 2013-10-09 10:21 - 2013-10-09 10:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Keas 2013-09-23 08:15 - 2013-09-23 08:15 - 00000168 _____ C:\Users\USER\Downloads\html-2.3 (1).html 2013-09-23 08:14 - 2013-09-23 08:14 - 00009137 _____ C:\Users\USER\Downloads\html-2.3.html 2013-09-23 08:13 - 2013-09-23 08:13 - 00000168 _____ C:\Users\USER\Downloads\html-2.5.html ==================== One Month Modified Files and Folders ======= 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-17 16:05 - 2013-10-17 16:05 - 01087213 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe 2013-10-17 16:04 - 2012-06-26 09:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-17 15:31 - 2011-02-28 16:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA.job 2013-10-17 15:30 - 2011-02-28 20:48 - 01077150 _____ C:\Windows\WindowsUpdate.log 2013-10-17 14:31 - 2011-02-28 16:25 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core.job 2013-10-17 09:51 - 2012-06-04 11:06 - 00413184 ___SH C:\Users\USER\Documents\Thumbs.db 2013-10-17 08:10 - 2011-02-28 17:22 - 00000000 ____D C:\RKES 2013-10-17 07:57 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-17 07:57 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-17 07:50 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT 2013-10-17 07:49 - 2009-07-14 06:53 - 00000006 ____H 
C:\Windows\Tasks\SA.DAT 2013-10-17 07:49 - 2009-07-14 06:39 - 00117786 _____ C:\Windows\setupact.log 2013-10-10 13:28 - 2011-03-03 09:32 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-10 13:28 - 2011-03-03 09:31 - 00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-10 12:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-10-10 10:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-10 09:32 - 2011-02-28 13:57 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-10 09:27 - 2012-06-01 13:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 09:27 - 2009-07-14 06:33 - 00374040 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-10 09:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-10 09:23 - 2011-02-28 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-10 09:21 - 2013-08-19 10:51 - 00000000 ____D C:\Windows\system32\MRT 2013-10-10 09:16 - 2011-03-03 09:23 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 17:05 - 2012-06-26 09:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 17:05 - 2011-06-14 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 12:18 - 2011-02-28 16:14 - 00041084 _____ C:\Windows\PFRO.log 2013-10-09 11:21 - 2013-10-09 11:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:20 - 2011-02-28 14:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-09 11:13 - 2011-02-28 14:20 - 00000000 ____D C:\Users\USER\AppData\Local\Mozilla 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups 2013-10-09 10:58 - 2013-10-09 10:57 - 00388608 _____ (Trend Micro Inc.) 
C:\Users\USER\Downloads\hijackthis.exe 2013-10-09 10:48 - 2013-02-01 15:45 - 00001721 _____ C:\Windows\system32\InstallUtil.InstallLog 2013-10-09 10:47 - 2013-07-31 14:39 - 00000000 ____D C:\Program Files\Amazon 2013-10-09 10:24 - 2013-10-09 10:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto 2013-10-09 10:21 - 2013-10-09 10:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Keas 2013-09-26 07:59 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-23 08:15 - 2013-09-23 08:15 - 00000168 _____ C:\Users\USER\Downloads\html-2.3 (1).html 2013-09-23 08:14 - 2013-09-23 08:14 - 00009137 _____ C:\Users\USER\Downloads\html-2.3.html 2013-09-23 08:13 - 2013-09-23 08:13 - 00000168 _____ C:\Users\USER\Downloads\html-2.5.html 2013-09-23 01:28 - 2013-10-10 09:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 01:28 - 2013-10-10 09:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 01:28 - 2013-10-10 09:14 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 01:27 - 2013-10-10 09:14 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00061440 _____ 
(Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-21 05:30 - 2013-10-10 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 04:39 - 2013-10-10 09:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.6808.dll C:\Users\Public\AlexaNSISPlugin.7552.dll Some content of TEMP: ==================== C:\Users\USER\AppData\Local\Temp\1354784909.exe C:\Users\USER\AppData\Local\Temp\1354838409.exe C:\Users\USER\AppData\Local\Temp\1354842228.exe C:\Users\USER\AppData\Local\Temp\1354850896.exe C:\Users\USER\AppData\Local\Temp\1354958673.exe C:\Users\USER\AppData\Local\Temp\1354983839.exe C:\Users\USER\AppData\Local\Temp\1355943288.exe C:\Users\USER\AppData\Local\Temp\1355976717.exe C:\Users\USER\AppData\Local\Temp\1356079972.exe C:\Users\USER\AppData\Local\Temp\1356138072.exe C:\Users\USER\AppData\Local\Temp\1356147250.exe C:\Users\USER\AppData\Local\Temp\1356157837.exe C:\Users\USER\AppData\Local\Temp\1356238655.exe C:\Users\USER\AppData\Local\Temp\1356239115.exe C:\Users\USER\AppData\Local\Temp\1356268725.exe C:\Users\USER\AppData\Local\Temp\1356277393.exe C:\Users\USER\AppData\Local\Temp\1356311750.exe C:\Users\USER\AppData\Local\Temp\1356759082.exe C:\Users\USER\AppData\Local\Temp\1356773818.exe C:\Users\USER\AppData\Local\Temp\1357417363.exe C:\Users\USER\AppData\Local\Temp\1357440809.exe C:\Users\USER\AppData\Local\Temp\1357517013.exe C:\Users\USER\AppData\Local\Temp\1357525309.exe C:\Users\USER\AppData\Local\Temp\1357548581.exe C:\Users\USER\AppData\Local\Temp\1357579786.exe C:\Users\USER\AppData\Local\Temp\1357587023.exe C:\Users\USER\AppData\Local\Temp\1357614692.exe 
C:\Users\USER\AppData\Local\Temp\1357622871.exe C:\Users\USER\AppData\Local\Temp\1357682991.exe C:\Users\USER\AppData\Local\Temp\1357741728.exe C:\Users\USER\AppData\Local\Temp\1357755734.exe C:\Users\USER\AppData\Local\Temp\1357763247.exe C:\Users\USER\AppData\Local\Temp\1357771833.exe C:\Users\USER\AppData\Local\Temp\jna4052414465679408263.dll C:\Users\USER\AppData\Local\Temp\NEventMessages.dll C:\Users\USER\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-14 15:08 ==================== End Of Log ============================ --- --- --- |
17.10.2013, 15:58 | #4 |
/// TB-Ausbilder | Postbank Banking Trojaner + Logfiles Yes, something is running there... Step 1: Please download AdwCleaner to your desktop.
Step 2: Scan with Combofix.
Step 3: Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
22.10.2013, 10:08 | #5 |
| Postbank Banking Trojaner + Logfiles Here is the result: FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013 Ran by USER (administrator) on USER-PC on 22-10-2013 10:57:56 Running from C:\Users\USER\Desktop\Trojaner entfernen Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (d.velop) C:\Program Files\d.velop\d3client\d3login.exe (Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation) C:\Windows\system32\wuauclt.exe (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) c:\users\user\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1778064 2010-07-21] (Microsoft Corporation) HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis) HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] () HKLM\...\Run: [packvusrv] - C:\Program Files\Windows NT\packvusrv.lnk [664 2013-10-07] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [D3LOGIN] - C:\Program Files\d.velop\d3client\d3login.exe [351744 2007-08-08] (d.velop) HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [724536 2011-05-20] (Nokia) HKCU\...\Run: [{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE}] - C:\Users\USER\AppData\Roaming\Keas\mahesy.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E44D156D8FDCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {6D127035-96CD-4429-A754-10E49E69E54D} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc= SearchScopes: HKCU - {BC91B570-6A28-40AD-9D58-39713D19E700} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default FF user.js: detected! 
=> C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\user.js FF Homepage: hxxp://www.msn.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Users\USER\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Chrome In-App Payments service) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR StartMenuInternet: Google Chrome - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [779944 2010-08-21] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2011-03-03] (Acronis) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) 
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-03] (Microsoft Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project) U3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [x] S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] U3 mbr; \??\C:\ComboFix\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-22 10:54 - 2013-10-22 10:54 - 00015991 _____ C:\Users\USER\Desktop\Combobox.txt 2013-10-22 10:38 - 2013-10-22 10:38 - 00015991 _____ C:\ComboFix.txt 2013-10-21 10:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-21 10:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-21 10:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-21 10:01 - 2013-10-22 10:38 - 00000000 ____D C:\Qoobox 2013-10-21 10:01 - 2013-10-22 10:37 - 00000000 ____D C:\Windows\erdnt 2013-10-21 09:58 - 2013-10-22 10:29 - 05136138 ____R (Swearware) C:\Users\USER\Desktop\ComboFix.exe 2013-10-21 09:55 - 2013-10-21 09:55 - 00018098 _____ C:\Users\USER\Desktop\AdwCleaner[S0].txt 2013-10-21 09:48 - 2013-10-21 09:50 - 00000000 ____D C:\AdwCleaner 2013-10-21 09:46 - 2013-10-21 09:46 - 01060070 _____ 
C:\Users\USER\Desktop\adwcleaner.exe 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-10 09:14 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-10 09:14 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-10 09:14 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-10 09:14 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 09:03 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-10 09:03 - 2013-09-08 04:07 
- 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-10 09:03 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-10 09:03 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-10 09:03 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-10 09:03 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-10 09:03 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-10 09:03 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-10 09:03 - 2013-08-29 03:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 2013-10-10 09:03 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-10 09:03 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-10 09:03 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-10 09:03 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 09:03 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-10 09:03 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-10 09:03 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-10 09:03 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-10 09:03 - 2013-07-03 06:02 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\hidclass.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-10 09:03 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-10 09:03 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-10 09:03 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-10 09:02 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-10 09:02 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 11:20 - 2013-10-09 11:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups 2013-10-09 10:21 - 2013-10-09 10:24 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto 2013-09-23 08:15 - 2013-09-23 08:15 - 00000168 _____ C:\Users\USER\Downloads\html-2.3 (1).html 2013-09-23 08:14 - 2013-09-23 08:14 - 00009137 _____ C:\Users\USER\Downloads\html-2.3.html 2013-09-23 08:13 - 2013-09-23 08:13 - 00000168 _____ C:\Users\USER\Downloads\html-2.5.html ==================== One Month Modified Files and Folders ======= 2013-10-22 10:54 - 2013-10-22 10:54 - 00015991 _____ C:\Users\USER\Desktop\Combobox.txt 2013-10-22 10:38 - 2013-10-22 10:38 - 00015991 _____ C:\ComboFix.txt 2013-10-22 10:38 - 2013-10-21 10:01 - 00000000 ____D C:\Qoobox 2013-10-22 10:38 - 2009-07-14 04:37 - 00000000 
__RHD C:\Users\Default 2013-10-22 10:38 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-22 10:37 - 2013-10-21 10:01 - 00000000 ____D C:\Windows\erdnt 2013-10-22 10:37 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-10-22 10:34 - 2011-02-28 20:48 - 01436677 _____ C:\Windows\WindowsUpdate.log 2013-10-22 10:31 - 2011-02-28 16:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA.job 2013-10-22 10:29 - 2013-10-21 09:58 - 05136138 ____R (Swearware) C:\Users\USER\Desktop\ComboFix.exe 2013-10-22 10:23 - 2011-02-28 17:22 - 00000000 ____D C:\RKES 2013-10-22 10:04 - 2012-06-26 09:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-22 07:57 - 2012-06-04 11:06 - 00414208 ___SH C:\Users\USER\Documents\Thumbs.db 2013-10-22 07:27 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-22 07:27 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-22 07:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-22 07:20 - 2009-07-14 06:39 - 00118010 _____ C:\Windows\setupact.log 2013-10-22 07:20 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT 2013-10-22 07:19 - 2011-02-28 16:14 - 00044282 _____ C:\Windows\PFRO.log 2013-10-21 09:55 - 2013-10-21 09:55 - 00018098 _____ C:\Users\USER\Desktop\AdwCleaner[S0].txt 2013-10-21 09:50 - 2013-10-21 09:48 - 00000000 ____D C:\AdwCleaner 2013-10-21 09:46 - 2013-10-21 09:46 - 01060070 _____ C:\Users\USER\Desktop\adwcleaner.exe 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-17 14:31 - 2011-02-28 16:25 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core.job 2013-10-10 13:28 - 2011-03-03 09:32 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-10 13:28 - 2011-03-03 09:31 - 
00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-10 12:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-10-10 10:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-10 09:32 - 2011-02-28 13:57 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-10 09:27 - 2012-06-01 13:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 09:27 - 2009-07-14 06:33 - 00374040 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-10 09:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-10 09:23 - 2011-02-28 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-10 09:21 - 2013-08-19 10:51 - 00000000 ____D C:\Windows\system32\MRT 2013-10-10 09:16 - 2011-03-03 09:23 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 17:05 - 2012-06-26 09:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 17:05 - 2011-06-14 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 11:21 - 2013-10-09 11:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:20 - 2011-02-28 14:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-09 11:13 - 2011-02-28 14:20 - 00000000 ____D C:\Users\USER\AppData\Local\Mozilla 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups 2013-10-09 10:48 - 2013-02-01 15:45 - 00001721 _____ C:\Windows\system32\InstallUtil.InstallLog 2013-10-09 10:47 - 2013-07-31 14:39 - 00000000 ____D C:\Program Files\Amazon 2013-10-09 10:24 - 2013-10-09 10:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto 2013-09-26 07:59 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-23 08:15 - 2013-09-23 08:15 - 
00000168 _____ C:\Users\USER\Downloads\html-2.3 (1).html 2013-09-23 08:14 - 2013-09-23 08:14 - 00009137 _____ C:\Users\USER\Downloads\html-2.3.html 2013-09-23 08:13 - 2013-09-23 08:13 - 00000168 _____ C:\Users\USER\Downloads\html-2.5.html 2013-09-23 01:28 - 2013-10-10 09:14 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 01:28 - 2013-10-10 09:14 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 01:28 - 2013-10-10 09:14 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 01:27 - 2013-10-10 09:14 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-23 01:27 - 2013-10-10 09:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll Files to move or delete: ==================== C:\Users\Public\AlexaNSISPlugin.6808.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is 
legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 09:35 ==================== End Of Log ============================ Code:
ATTFilter
ComboFix 13-10-21.01 - USER 22.10.2013 10:30:12.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3550.2230 [GMT 2:00]
ausgeführt von:: c:\users\USER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.7552.dll
c:\users\USER\AppData\Roaming\Keas
c:\users\USER\AppData\Roaming\Keas\mahesy.exe
c:\users\USER\AppData\Roaming\result.db
c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
c:\windows\system32\is-D80A9.tmp
F:\install.exe
.
.
((((((((((((((((((((((((( Dateien erstellt von 2013-09-22 bis 2013-10-22 ))))))))))))))))))))))))))))))
.
.
2013-10-22 08:36 . 2013-10-22 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-21 07:48 . 2013-10-21 07:50 -------- d-----w- C:\AdwCleaner
2013-10-21 05:35 . 2013-10-21 05:35 719224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4621A31A-A31E-4540-A0BF-E54A1F6725FD}\gapaengine.dll
2013-10-21 05:35 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66C97DE0-8899-407F-9998-6753F57BCDCB}\mpengine.dll
2013-10-17 16:10 . 2013-10-14 06:39 7796464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-17 14:06 . 2013-10-17 14:06 -------- d-----w- C:\FRST
2013-10-10 07:03 . 2013-08-29 01:51 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-10-10 07:02 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 07:02 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys
2013-10-09 08:21 . 2013-10-09 08:24 -------- d-----w- c:\users\USER\AppData\Roaming\Ykto
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 15:05 . 2012-06-26 07:49 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 15:05 . 2011-06-14 10:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-06 04:42 . 2011-03-25 06:22 718712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-05 01:56 . 2013-09-11 04:40 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50 . 2013-09-11 04:40 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 01:49 . 2013-09-11 04:40 293376 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 04:40 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 00:52 . 2013-09-11 04:40 271360 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:43 . 2013-09-11 04:40 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 04:40 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 04:40 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 04:40 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-31 12:38 . 2013-07-31 12:38 129536 ----a-w- c:\users\Public\AlexaNSISPlugin.6808.dll
2013-07-25 08:57 . 2013-08-19 07:59 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D3LOGIN"="c:\program files\d.velop\d3client\d3login.exe" [2007-08-08 351744]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-05-20 724536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-29 8493600]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536752]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5459136]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390712]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 995176]
"logonf"="c:\program files\Windows NT\logonf.lnk" [2013-10-01 650]
"packvusrv"="c:\program files\Windows NT\packvusrv.lnk" [2013-10-07 664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico -user_logon [2011-3-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users.WINDOWS^Startmenü^Programme^Autostart^d3register.lnk]
path=c:\dokumente und einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\d3register.lnk
backup=c:\windows\pss\d3register.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^d3register.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\d3register.lnk
backup=c:\windows\pss\d3register.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2013-09-03 13:53 1272704 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-01-07 14:55 1797488 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
.
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-08-12 295376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-03-03 752128]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-03-03 3975088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-03-03 163232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Update-Service-Installer-Service REG_MULTI_SZ Update-Service-Installer-Service
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 15:05]
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 14:25]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-28 14:25]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - ExtSQL: 2013-10-09 11:23; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
FF - ExtSQL: !HIDDEN! 2011-02-28 20:04; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE} - c:\users\USER\AppData\Roaming\Keas\mahesy.exe
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk - c:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
MSConfigStartUp-D3LOGIN - c:\programme\d.velop\d3client\d3login.exe
AddRemove-VideoPerformer - c:\program files\VideoPerformer\uninstall.exe
AddRemove-FoxTab PDF Creator - c:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-22 10:38:49
ComboFix-quarantined-files.txt 2013-10-22 08:38
.
Vor Suchlauf: 9 Verzeichnis(se), 99.352.883.200 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 99.934.740.480 Bytes frei
.
- - End Of File - - 282149AD309CDD2A8F63A70B963CB127
A36C5E4F47E84449FF07ED3517B43A31
Code:
ATTFilter
# AdwCleaner v3.010 - Bericht erstellt am 21/10/2013 um 09:50:41
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : USER - USER-PC
# Gestartet von : C:\Users\USER\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IBUpdaterService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Program Files\SearchCore for Browsers
Ordner Gelöscht : C:\Program Files\VideoPerformer
Ordner Gelöscht : C:\Program Files\Windows iLivid Toolbar
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\USERs\USER\AppData\Local\Babylon
Ordner Gelöscht : C:\USERs\USER\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\USERs\USER\AppData\Local\PackageAware
Ordner Gelöscht : C:\USERs\USER\AppData\Local\Temp\BabylonToolbar
Ordner Gelöscht : C:\USERs\USER\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\USERs\USER\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\USERs\USER\AppData\Roaming\Babylon
Ordner Gelöscht : C:\USERs\USER\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\USERs\USER\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\USERs\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer
Ordner Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Ordner Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp
Datei Gelöscht : C:\USERs\USER\Desktop\Search The Web.url
Datei Gelöscht : C:\USERs\USER\Desktop\sweetpcfix.url
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage
Datei Gelöscht : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.sweetim.com_0.localstorage-journal

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\engeblojhfeingnjnfpiceofljnjpldp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\engeblojhfeingnjnfpiceofljnjpldp
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freepdf_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picture-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picture-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2426}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\USERs\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [18000 octets] - [21/10/2013 09:48:51]
AdwCleaner[S0].txt - [17956 octets] - [21/10/2013 09:50:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18017 octets] ########## |
22.10.2013, 10:38 | #6 |
/// TB-Ausbilder | Postbank Banking Trojaner + Logfiles Hi, could you please right-click the file C:\Program Files\Windows NT\logonf.lnk, open its Properties and read off there what target this shortcut has (that is, which file it points to)? Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] ()
HKLM\...\Run: [packvusrv] - C:\Program Files\Windows NT\packvusrv.lnk [664 2013-10-07] ()
HKCU\...\Run: [{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE}] - C:\Users\USER\AppData\Roaming\Keas\mahesy.exe
C:\Users\Public\*.dll
SearchScopes: HKCU - {6D127035-96CD-4429-A754-10E49E69E54D} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE"
2013-10-09 10:21 - 2013-10-09 10:24 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto
C:\ProgramData\dxmjpgk.exe.vir
CMD: dir /a/b "C:\Program Files\Windows NT"
Please save this as Fixlist.txt on your Desktop (or in the directory where FRST is located).
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Start FRST once more.
Please post in your next reply:
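The check the helper asks for above (right-click the .lnk, read its target, see whether the file behind a Run entry exists) can be done for every Run entry at once. This is an added PowerShell example, not code from the thread or from the tools it uses; the function names and the flagged-location patterns are my own choices, and it assumes Windows PowerShell on Windows 7 or later running in the affected user's session.

```powershell
# Added example (not from the thread): list every Run entry, follow .lnk shortcuts to
# their real target (the same data the Properties dialog shows), flag what deserves a
# second look, and read the UAC policy values that the ComboFix log above shows as 0.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$Shell = New-Object -ComObject WScript.Shell

function Split-Command {
    # Separate the executable path from its arguments in a Run value,
    # handling both the quoted form ("C:\x y\a.exe" /c) and the bare form (a.exe /c).
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"\s*(.*)$') {
        return @($Matches[1], $Matches[2])
    }
    $parts = $Command.Trim() -split '\s+', 2
    if ($parts.Count -gt 1) { return @($parts[0], $parts[1]) }
    return @($parts[0], '')
}

function Resolve-RunTarget {
    # Return the real file behind a Run value, following one .lnk hop if present.
    param([string]$Command)
    $path, $arguments = Split-Command $Command
    $path = [Environment]::ExpandEnvironmentVariables($path)
    $viaLnk = $false
    if ($path -like '*.lnk' -and (Test-Path -LiteralPath $path)) {
        $lnk = $Shell.CreateShortcut($path)   # WshShortcut: TargetPath / Arguments
        $path = $lnk.TargetPath
        $arguments = $lnk.Arguments
        $viaLnk = $true
    }
    $exists = (-not [string]::IsNullOrWhiteSpace($path)) -and (Test-Path -LiteralPath $path)
    [pscustomobject]@{ Target = $path; Arguments = $arguments; ViaLnk = $viaLnk; Exists = $exists }
}

function Get-SuspiciousRunEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $r = Resolve-RunTarget ([string]$prop.Value)
            $flags = @()
            if ($r.ViaLnk)      { $flags += 'launched via .lnk' }
            if (-not $r.Exists) { $flags += 'target missing' }
            # The dropped files in this thread sat in the roaming profile and in
            # Users\Public; installers do not normally put an autostart loader there.
            if ($r.Target -match '\\AppData\\Roaming\\|\\Users\\Public\\') {
                $flags += 'user-writable location'
            }
            [pscustomobject]@{
                Hive      = ($key -split ':')[0]
                Name      = $prop.Name
                Target    = $r.Target
                Arguments = $r.Arguments
                Flags     = ($flags -join ', ')
            }
        }
    }
}

function Get-UacState {
    # In the ComboFix output above all three were 0: UAC was switched off, so
    # anything the user launched already ran with full administrator rights.
    $pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    [pscustomobject]@{
        EnableLUA                  = $pol.EnableLUA
        ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $pol.PromptOnSecureDesktop
    }
}

Get-SuspiciousRunEntries | Where-Object { $_.Flags } | Format-Table -AutoSize -Wrap
Get-UacState | Format-List
```

On the machine in this thread the logonf and packvusrv entries would come out flagged twice: launched via .lnk, and target missing, which matches what the poster later reads off the Properties dialog.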
24.10.2013, 08:03 | #7 |
| Postbank Banking Trojaner + Logfiles Here is the path: "C:\Program Files\Windows NT\logonf.exe" -autorun Clicking "Open File Location..." tells me that it cannot find the file. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 Ran by USER at 2013-10-23 16:22:14 Run:1 Running from C:\Users\USER\Desktop\Trojaner entfernen Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] () HKLM\...\Run: [packvusrv] - C:\Program Files\Windows NT\packvusrv.lnk [664 2013-10-07] () HKCU\...\Run: [{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE}] - C:\Users\USER\AppData\Roaming\Keas\mahesy.exe C:\Users\Public\*.dll SearchScopes: HKCU - {6D127035-96CD-4429-A754-10E49E69E54D} URL = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE" 2013-10-09 10:21 - 2013-10-09 10:24 - 00000000 ____D C:\Users\USER\AppData\Roaming\Ykto C:\ProgramData\dxmjpgk.exe.vir CMD: dir /a/b "C:\Program Files\Windows NT" ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\logonf => Value deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\packvusrv => Value deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE} => Value deleted successfully. C:\Users\Public\*.dll => Moved successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D127035-96CD-4429-A754-10E49E69E54D} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{6D127035-96CD-4429-A754-10E49E69E54D} => Key not found. CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE" ==> The Chrome "Settings" can be used to fix the entry. C:\Users\USER\AppData\Roaming\Ykto => Moved successfully. "C:\ProgramData\dxmjpgk.exe.vir" => File/Directory not found. 
========= dir /a/b "C:\Program Files\Windows NT" ========= Accessories logonf.lnk packvusrv.lnk TableTextService Zubehör ========= End of CMD: ========= ==== End of Fixlog ==== Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.23.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16721 USER :: USER-PC [Administrator] 23.10.2013 16:27:19 mbam-log-2013-10-23 (16-27-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 214067 Laufzeit: 6 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\USER\Downloads\PandaPDFConverter.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=bf02e3777eb0ff4f8195549b6142b69b # engine=15602 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-10-23 03:58:48 # local_time=2013-10-23 05:58:48 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1023 16777215 0 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 9088471 134175119 0 0 # scanned=157785 # found=1 # cleaned=0 # scan_time=4350 sh=74F530C8EE13BA3159F40236F779CC3AC3C201F2 ft=1 fh=06c0fb779a7dfbe5 vn="a variant of Win32/Injector.AODX trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\USER\AppData\Roaming\Keas\mahesy.exe.vir" FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 Ran by USER (administrator) on USER-PC on 24-10-2013 08:59:09 Running from C:\Users\USER\Desktop\Trojaner entfernen Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Acronis) C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Nokia) C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (d.velop) C:\Program Files\d.velop\d3client\d3login.exe (ATI Technologies Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneNss.exe (d.velop) C:\Program Files\d.velop\d3client\dwatch.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\RKES\OFFICE\MSACCESS.EXE (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) C:\Users\USER\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) c:\users\user\appdata\local\temp\teamviewer\version7\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) 
HKLM\...\Run: [itype] - C:\Program Files\Microsoft IntelliType Pro\itype.exe [1778064 2010-07-21] (Microsoft Corporation) HKLM\...\Run: [SAOB Monitor] - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2536752 2010-08-20] (Acronis) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5459136 2010-08-21] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [390712 2010-08-21] (Acronis) HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM\...\Runonce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript HKCU\...\Run: [D3LOGIN] - C:\Program Files\d.velop\d3client\d3login.exe [351744 2007-08-08] (d.velop) HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [724536 2011-05-20] (Nokia) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3E44D156D8FDCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache 
AcceptLangs = de HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {BC91B570-6A28-40AD-9D58-39713D19E700} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default FF user.js: detected! 
=> C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\user.js FF Homepage: hxxp://www.msn.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USER\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\86zrn2w3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF Extension: Firefox Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program 
Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=26743BF3-DB62-4643-B7F2-168542EA3BDE" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Users\USER\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Users\USER\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Chrome In-App Payments service) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR StartMenuInternet: Google Chrome - C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [779944 2010-08-21] (Acronis) R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3975088 2011-03-03] (Acronis) R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) ==================== Drivers (Whitelisted) ==================== R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.) 
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-11-03] (Microsoft Corporation) U0 oxdcewck; C:\Windows\System32\drivers\oekn.sys [54016 2013-10-23] () S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2013-01-10] (The OpenVPN Project) S3 catchme; \??\C:\Users\USER\AppData\Local\Temp\catchme.sys [x] S4 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-23 16:41 - 2013-10-23 16:41 - 02347384 _____ (ESET) C:\Users\USER\Downloads\esetsmartinstaller_enu.exe 2013-10-23 16:39 - 2013-10-23 16:39 - 00054016 _____ C:\Windows\system32\Drivers\oekn.sys 2013-10-23 16:26 - 2013-10-23 16:26 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-23 16:26 - 2013-10-23 16:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-23 16:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-22 10:38 - 2013-10-22 10:38 - 00015991 _____ C:\ComboFix.txt 2013-10-21 10:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-21 10:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-21 10:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-21 10:34 - 2000-08-31 02:00 - 00068096 
_____ C:\Windows\zip.exe 2013-10-21 10:01 - 2013-10-22 10:38 - 00000000 ____D C:\Qoobox 2013-10-21 10:01 - 2013-10-22 10:37 - 00000000 ____D C:\Windows\erdnt 2013-10-21 09:48 - 2013-10-21 09:50 - 00000000 ____D C:\AdwCleaner 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-10 09:14 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-10 09:14 - 2013-09-23 01:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-10 09:14 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-10 09:14 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-10 09:14 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-10 09:14 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-10 09:03 - 2013-09-14 02:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-10 09:03 - 2013-09-08 04:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-10 09:03 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-10 09:03 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-10-10 09:03 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-10 09:03 - 2013-08-29 03:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-10 09:03 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-10 09:03 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-10 09:03 - 2013-08-29 03:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys 2013-10-10 09:03 - 2013-08-28 03:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-10 09:03 - 2013-08-28 02:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-10 09:03 - 2013-08-01 13:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-10 09:03 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-10 09:03 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-10 09:03 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-10 09:03 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-10 09:03 - 2013-07-04 11:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-10 09:03 - 2013-07-03 06:02 - 
00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-10 09:03 - 2013-07-03 05:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-10 09:03 - 2013-06-06 06:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-10 09:03 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-10 09:03 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-10 09:03 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-10 09:02 - 2013-07-12 12:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-10 09:02 - 2013-06-26 00:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 11:20 - 2013-10-09 11:21 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups ==================== One Month Modified Files and Folders ======= 2013-10-24 08:31 - 2011-02-28 16:25 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000UA.job 2013-10-24 08:04 - 2012-06-26 09:50 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-24 07:53 - 2012-06-04 11:06 - 00413696 ___SH C:\Users\USER\Documents\Thumbs.db 2013-10-24 06:51 - 2011-02-28 20:48 - 01591265 _____ C:\Windows\WindowsUpdate.log 2013-10-23 16:41 - 2013-10-23 16:41 - 02347384 _____ (ESET) 
C:\Users\USER\Downloads\esetsmartinstaller_enu.exe 2013-10-23 16:39 - 2013-10-23 16:39 - 00054016 _____ C:\Windows\system32\Drivers\oekn.sys 2013-10-23 16:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-10-23 16:26 - 2013-10-23 16:26 - 00001073 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-23 16:26 - 2013-10-23 16:26 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-10-23 16:22 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-10-23 15:37 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-23 15:37 - 2009-07-14 06:34 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-23 15:30 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-23 15:30 - 2009-07-14 06:39 - 00118178 _____ C:\Windows\setupact.log 2013-10-22 16:02 - 2011-02-28 16:14 - 00044834 _____ C:\Windows\PFRO.log 2013-10-22 13:11 - 2011-02-28 14:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-22 13:11 - 2009-07-14 04:04 - 00000513 _____ C:\Windows\win.ini 2013-10-22 10:38 - 2013-10-22 10:38 - 00015991 _____ C:\ComboFix.txt 2013-10-22 10:38 - 2013-10-21 10:01 - 00000000 ____D C:\Qoobox 2013-10-22 10:38 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-10-22 10:37 - 2013-10-21 10:01 - 00000000 ____D C:\Windows\erdnt 2013-10-22 10:37 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-10-22 07:20 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Windows NT 2013-10-21 09:50 - 2013-10-21 09:48 - 00000000 ____D C:\AdwCleaner 2013-10-17 16:06 - 2013-10-17 16:06 - 00000000 ____D C:\FRST 2013-10-17 14:31 - 2011-02-28 16:25 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145834025-3833221412-4044396105-1000Core.job 2013-10-10 13:28 - 2011-03-03 09:32 - 00001912 _____ C:\Windows\epplauncher.mif 2013-10-10 13:28 - 2011-03-03 09:31 - 
00000000 ____D C:\Program Files\Microsoft Security Client 2013-10-10 12:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-10-10 09:32 - 2011-02-28 13:57 - 01507342 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-10 09:27 - 2012-06-01 13:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-10 09:27 - 2009-07-14 06:33 - 00374040 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-10 09:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-10-10 09:21 - 2013-08-19 10:51 - 00000000 ____D C:\Windows\system32\MRT 2013-10-10 09:16 - 2011-03-03 09:23 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 17:05 - 2012-06-26 09:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-10-09 17:05 - 2011-06-14 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-10-09 11:21 - 2013-10-09 11:20 - 00000000 ____D C:\Users\USER\AppData\Roaming\Mozilla 2013-10-09 11:20 - 2013-10-09 11:20 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-10-09 11:20 - 2013-10-09 11:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 11:20 - 2011-02-28 14:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-09 11:13 - 2011-02-28 14:20 - 00000000 ____D C:\Users\USER\AppData\Local\Mozilla 2013-10-09 11:00 - 2013-10-09 11:00 - 00000000 ____D C:\Users\USER\Downloads\backups 2013-10-09 10:48 - 2013-02-01 15:45 - 00001721 _____ C:\Windows\system32\InstallUtil.InstallLog 2013-10-09 10:47 - 2013-07-31 14:39 - 00000000 ____D C:\Program Files\Amazon 2013-09-26 07:59 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT Some content of TEMP: ==================== C:\Users\USER\AppData\Local\Temp\NEventMessages.dll C:\Users\USER\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => 
MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-21 09:35 ==================== End Of Log ============================ |
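The fixlog above removed two HKLM Run values that point at .lnk shortcuts under "C:\Program Files\Windows NT" and an HKCU value with a GUID name that runs from AppData\Roaming, which is why the user's "Open file path" attempt found no logonf.exe. As an added illustration (not code from the thread, from FRST or from the helper), the following Python routine applies those same red flags to FRST "Registry (Whitelisted)" lines; it assumes FRST's line layout as it appears in this thread, and the sample lines are constructed from the logs posted here.

```python
import re
from typing import Dict, List, Optional

# Matches an FRST "Registry (Whitelisted)" autorun line such as
#   HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] ()
# The trailing "[size date]" and "(publisher)" parts are optional (assumed: FRST
# omits them when it could not resolve the target file, as in the lines below).
RUN_LINE = re.compile(
    r"^(?P<key>HK(?:LM|CU)\\\.\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] - (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^)]*)\))?\s*$",
    re.IGNORECASE,
)
GUID_NAME = re.compile(r"^\{?[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}?$", re.IGNORECASE)
# Paths a standard user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")
HIGH = {"lnk", "guid", "writable"}   # flags that on their own warrant a closer look

# Constructed sample input: autorun lines copied from the FRST logs in this thread.
SAMPLE_FRST_LINES = r"""
HKLM\...\Run: [logonf] - C:\Program Files\Windows NT\logonf.lnk [650 2013-10-01] ()
HKLM\...\Run: [packvusrv] - C:\Program Files\Windows NT\packvusrv.lnk [664 2013-10-07] ()
HKCU\...\Run: [{1B07821F-E2B1-CA33-4DA2-9104C64BD5CE}] - C:\Users\USER\AppData\Roaming\Keas\mahesy.exe
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8493600 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [NokiaMServer] - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
"""


def extract_target(cmd: str) -> str:
    """Best-effort: the program FRST recorded, without surrounding quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\path with spaces\x.exe" -args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|lnk|dll|bat|cmd|vbs|js|scr))(?:\s|$)", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split(" /", 1)[0]                 # "...\NokiaMServer /watchfiles startup"


def triage_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one autorun line and attach the red flags a responder would look for."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name = m.group("name").strip()
    cmd = m.group("cmd")
    publisher = m.group("publisher")
    target = extract_target(cmd)
    flags: Dict[str, str] = {}
    if target.lower().endswith(".lnk"):
        flags["lnk"] = "autorun points at a .lnk shortcut instead of an executable"
    if GUID_NAME.match(name):
        flags["guid"] = "GUID-style value name"
    if any(p in cmd.lower() for p in USER_WRITABLE):
        flags["writable"] = "command runs from a user-writable location"
    if publisher is not None and publisher.strip() == "":
        flags["nopub"] = "file carries no publisher/version information"
    if m.group("size") is None:
        flags["unresolved"] = "FRST recorded no file metadata (target not resolved)"
    if flags.keys() & HIGH:
        severity = "high"
    elif flags:
        severity = "low"
    else:
        severity = "none"
    return {"key": m.group("key"), "name": name, "target": target,
            "reasons": list(flags.values()), "severity": severity}


def triage(log_text: str) -> List[Dict[str, object]]:
    """Triage every autorun line in an FRST log excerpt; other lines are skipped."""
    results: List[Dict[str, object]] = []
    for line in log_text.strip().splitlines():
        entry = triage_line(line)
        if entry:
            results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST_LINES):
        print(f"[{e['severity']:4}] {e['key']} {e['name']} -> {e['target']}")
        for r in e["reasons"]:
            print(f"         - {r}")
```

Run against the six sample lines, the two .lnk entries and the GUID-named AppData entry come out as "high" while the Realtek and Security Client entries carry no flags, which matches what the fixlist removed and what it left alone.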
24.10.2013, 11:13 | #8 |
/// TB-Ausbilder | Postbank Banking Trojaner + Logfiles OK, that looks good. Also note the warning about the infostealer, get rid of the old Java, and then we'll clean up. Warning: Infostealer Your logs show that you have picked up malware that specifically targets your sensitive data (user names, passwords, online banking credentials, etc.). There is no way to know exactly what was logged, but to be on the safe side I would assume that all data and passwords entered on this computer are known to the attacker. I would therefore advise you to change, at the end or from a clean computer, all credentials that were used on this computer. Step 1 Your Java is out of date. Older versions contain security holes that malware can abuse to infect the system via drive-by download. The current version is Java 7 Update 45.
So consider whether you really need a Java installation at all. If you want to keep using Java, then:
Then use this plugin check (with Firefox here) to verify that all the versions you use are now current, and update them otherwise. Cleanup Finally, we will now remove our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the order given.
>> OK << We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you won't need our help again in the future. Afterwards, please give me a short reply confirming that there are no open problems or questions on your side either, so that I can consider this topic closed. Epilogue: Tips, Dos & Don'ts Keeping the system and software up to date The Windows operating system must always be kept fully up to date. Make sure that automatic updates are enabled:
The installed software should also always be at its latest version. This applies in particular to the browser, Java, Flash Player and the PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject their code into the page, and is therefore fairly unpredictable.
Security software One remark up front: every software solution has its weaknesses. Shifting all responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will fail sooner or later (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. So it can already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer you can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user themselves. Simply visiting shady websites can already carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that need not mean anything.
Attempts are also often made, with more or less cunning methods, to get the user to carry out an action that is disastrous for them (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed along the way by the user themselves.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________ cheers, Leo |
17.11.2013, 22:22 | #9 |
/// TB-Ausbilder | Postbank Banking Trojaner + Logfiles This topic appears to be resolved and is being removed from my subscriptions. I will therefore no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we'll continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |
18.11.2013, 08:28 | #10 |
| Postbank Banking Trojaner + Logfiles Yes, everything worked! Thanks again! :-) |