Log analysis and evaluation: Malwarebytes log file - e-mail sends spam on its own (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.01.2014, 11:15 | #1 |
Malwarebytes log file - e-mail sends spam on its own

Hello, I have a big problem on my computer. E-mails are constantly being sent from my e-mail address that I myself do not even see in the sent items! I only notice it because people reply to me or out-of-office notices come back. So I read up a bit here and installed and updated Malwarebytes in order to create a log file. Until now Antivir was running on my PC, and it was always up to date. Can I simply remove all of these listed files? Or will the PC then no longer boot? What can I do without having to reinstall the PC?

The Malwarebytes log file has the following content:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.16.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Fritzlar :: PC330029 [Administrator]

Schutz: Aktiviert

16.01.2014 10:43:08
MBAM-log-2014-01-16 (10-47-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237613
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Fritzlar\AppData\Roaming\KB00478123.exe (Trojan.Agent.Gen) -> 6128 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 3
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 23
HKCR\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Babylon.dskBnd.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Babylon.dskBnd (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\bbylnApp.appCore.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\bbylnApp.appCore (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{98889811-442D-49DD-99D7-DC866BE87DBC} (PUP.Optional.BabylonToolBar.A) -> Daten: Babylon Toolbar -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00478123.exe (Trojan.Agent.Gen) -> Daten: "C:\Users\Fritzlar\AppData\Roaming\KB00478123.exe" -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://search.babylon.com/?affID=109958&tt=4612_1&babsrc=HP_ss&mntrId=4cafedeb0000000000004c72b9429b9d -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Users\Fritzlar\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Anwender\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\mt_ffx\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\mt_ffx\BabylonToolbar\BabylonToolbar\1.8.3.8 (PUP.Optional.BabylonToolbar.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 14
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Anwender\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.
C:\Users\Anwender\AppData\Local\Temp\7125.tmp (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\4F67.tmp (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\9BBA.tmp (PUP.Optional.PerformerSoft.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\AD01.tmp (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\F2D9.tmp (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Local\Temp\InstallShare21171\bab_setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Fritzlar\AppData\Roaming\KB00478123.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.
C:\Users\Anwender\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Keine Aktion durchgeführt.

(Ende)

I would be endlessly grateful for help! Best regards, Mia
16.01.2014, 11:30 | #2 |
/// the machine /// TB trainer | hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
16.01.2014, 12:16 | #3 |
Hello,
I tried it with Farbar. I have a 64-bit system and downloaded and started the 64-bit version. When I press "scan" I briefly see it begin scanning a few files, and then a Windows error message appears. In essence it tells me that farbar.exe is not working and that I can search online for a solution or close the program. I tried it 5 times, but it keeps aborting with that message? What does this mean? Best regards, Mia
Edit: I also downloaded the program 2 times.
Last edited by mialein (16.01.2014 at 12:24)
17.01.2014, 11:59 | #4 |
/// the machine /// TB trainer | Strange. Please download OTL by Oldtimer and save it to your desktop (if not already there).
regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
23.01.2014, 14:23 | #5 |
Hello, I was not at the PC for the last few days. With the last-mentioned program I was able to create a log file. This is what it looks like: OTL logfile:
FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.12 20:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG) O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG) O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Fritzlar\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz) O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files 
(x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [SiPaHost] C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - 
Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA25A358-378C-43F8-87B0-944DE5505E50}: NameServer = 192.168.7.56 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - 
Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.04.24 00:40:09 | 000,000,000 | R--D | M] - D:\AUTORUN -- [ UDF ] O32 - AutoRun File - [2009.10.01 12:01:20 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ] O33 - MountPoints2\{e3697d43-37bb-11e3-8ca7-4c72b9429b9d}\Shell - "" = AutoRun O33 - MountPoints2\{e3697d43-37bb-11e3-8ca7-4c72b9429b9d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{e93678ce-dc6e-11e1-b78d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e93678ce-dc6e-11e1-b78d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2012.11.23 16:18:38 | 000,755,960 | R--- | M] (DATEV eG) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 
- HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.23 14:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fritzlar\Desktop\OTL.exe [2014.01.16 12:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2014.01.16 12:07:05 | 000,000,000 | ---D | C] -- C:\FRST [2014.01.16 10:41:26 | 000,000,000 | ---D | C] -- C:\Users\Fritzlar\AppData\Roaming\Malwarebytes [2014.01.16 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2014.01.16 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.16 10:41:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.16 10:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.16 10:40:08 | 000,000,000 | ---D | C] -- C:\Users\Fritzlar\AppData\Local\Programs [2014.01.15 20:19:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 20:19:32 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 20:19:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.06 16:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Fritzlar\AppData\Roaming\034DDA38 [2013.04.04 09:54:29 | 017,644,864 | ---- | C] (RIB Software AG ) -- C:\Users\Fritzlar\avasign_update.exe ========== Files - Modified Within 30 Days ========== [2014.01.23 13:43:34 | 001,799,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.23 13:43:34 | 000,762,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.23 13:43:34 | 000,718,110 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2014.01.23 13:43:34 | 000,173,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.23 13:43:34 | 000,146,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.22 19:18:22 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.22 19:18:22 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.22 16:36:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2014.01.20 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fritzlar\Desktop\OTL.exe [2014.01.20 08:24:41 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2014.01.20 08:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.20 08:23:33 | 3076,018,176 | -HS- | M] () -- C:\hiberfil.sys [2014.01.16 10:41:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.16 03:20:44 | 000,414,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.13 14:36:48 | 000,001,601 | -H-- | M] () -- C:\Users\Fritzlar\AppData\Roaming\body2.html ========== Files Created - No Company Name ========== [2014.01.16 10:41:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.13 07:35:36 | 000,001,601 | -H-- | C] () -- C:\Users\Fritzlar\AppData\Roaming\body2.html [2013.02.04 10:23:54 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2013.02.04 10:03:08 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.08.09 20:53:13 | 000,004,985 | ---- | C] () -- C:\Users\Fritzlar\AppData\Local\EmptySettings.xml [2012.08.06 15:10:47 | 000,000,151 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.06 14:43:17 | 000,000,021 | ---- | C] () -- 
C:\Windows\DvInesKurusOleServer003.INI [2012.08.06 14:42:14 | 001,776,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.06 14:39:24 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012.08.06 14:36:51 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI [2012.08.06 14:21:17 | 000,000,052 | ---- | C] () -- C:\Windows\WUCADMIN.INI [2012.08.06 14:21:17 | 000,000,052 | ---- | C] () -- C:\Windows\W32UCADM.INI [2012.08.06 13:06:48 | 000,000,000 | ---- | C] () -- C:\Windows\efibu.ini [2012.08.06 12:49:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\Vamngr32.dll [2012.08.06 12:46:10 | 000,000,363 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.08.06 12:45:38 | 000,000,184 | ---- | C] () -- C:\Windows\BTI.INI [2012.07.03 11:27:17 | 000,000,110 | ---- | C] () -- C:\Windows\Bench32.INI [2012.07.03 09:46:03 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.07.03 09:46:02 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.07.03 09:45:34 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.07.03 09:45:34 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.07.03 09:44:22 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.03 09:44:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.07.03 09:43:35 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.07.03 09:43:09 | 013,214,720 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2013.11.14 01:00:04 | 104,165,720 | ---- | M] ()(C:\Windows\SysWow64\???¶) -- C:\Windows\SysWow64\騤眒¶ [2013.10.30 00:59:15 | 104,165,720 | ---- | C] ()(C:\Windows\SysWow64\???¶) -- C:\Windows\SysWow64\騤眒¶ < End of report >
Does that help? Best regards, Mia |
24.01.2014, 09:25 | #6 |
/// the machine /// TB-Ausbilder | Malwarebytes log file - e-mail sends spam on its own
Yes: update MBAM, scan, and this time have the detections removed. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh OTL log, please.
24.01.2014, 15:02 | #7 |
| Malwarebytes log file - e-mail sends spam on its own
Hello, thanks for your support so far! I have now gone through the steps you listed and will start with the first report: ADW Cleaner
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 24/01/2014 um 14:15:00 # Aktualisiert 12/01/2014 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Fritzlar - PC330029 # Gestartet von : C:\Users\Fritzlar\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Anwender\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Fritzlar\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Fritzlar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard Datei Gelöscht : C:\Windows\System32\Tasks\Browser Manager ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}] Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS 
Schlüssel Gelöscht : HKCU\Software\5f558f8fe168b913 Schlüssel Gelöscht : HKLM\SOFTWARE\5f558f8fe168b913 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7} Schlüssel 
Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{206a7328-437f-4bd9-b53e-12bfee24d588} ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] ************************* AdwCleaner[R0].txt - [6751 octets] - [24/01/2014 14:12:44] AdwCleaner[S0].txt - [6406 octets] - [24/01/2014 14:15:00] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6466 octets] ##########
Then comes the report from JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Professional x64 Ran by Fritzlar on 24.01.2014 at 14:21:46,97 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1936444783-2730222909-2985493418-1001\Software\sweetim ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24.01.2014 at 14:26:13,41 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Finally, the current report from OTL
OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.01.2014 14:27:44 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fritzlar\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,82 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 61,92% Memory free 7,64 Gb Paging File | 5,68 Gb Available in Paging File | 74,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 233,32 Gb Total Space | 175,93 Gb Free Space | 75,40% Space Free | Partition Type: NTFS Drive D: | 6,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 232,34 Gb Total Space | 229,22 Gb Free Space | 98,65% Space Free | Partition Type: NTFS Drive F: | 465,65 Gb Total Space | 125,06 Gb Free Space | 26,86% Space Free | Partition Type: FAT32 Drive V: | 78,13 Gb Total Space | 1,67 Gb Free Space | 2,13% Space Free | Partition Type: NTFS Drive X: | 1862,40 Gb Total Space | 104,42 Gb Free Space | 5,61% Space Free | Partition Type: NTFS Drive Y: | 78,13 Gb Total Space | 1,67 Gb Free Space | 2,13% Space Free | Partition Type: NTFS Drive Z: | 78,13 Gb Total Space | 1,67 Gb Free Space | 2,13% Space Free | Partition Type: NTFS Computer Name: PC330029 | User Name: Fritzlar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\Fritzlar\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Tor\tor.exe () PRC - C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\Sws\LiMaService.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\Sws\LiMaServer.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\Install\DvInesASDMon.Exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe (DATEV eG) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\sslclt.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (DATEV eG) PRC - C:\DATEV\PROGRAMM\B0000299\AS\as.exe (DATEVeG) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\DATEV\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) PRC - C:\DATEV\SYSTEM\RzpjWtch.exe (DATEV eG) PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project) PRC - C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project) PRC - C:\PVSW\Bin\NTBTRV.EXE () PRC - C:\PVSW\Bin\NTDBSMGR.EXE () PRC - C:\PVSW\Bin\W3SQLMGR.EXE (Pervasive Software Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\decc12017394d466b473669f85b31b5d\System.WorkflowServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0aa6ae92cf58fb9d614d00132c439b39\System.ServiceModel.Discovery.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c8823408f21cc24f6add84812f1caaaf\System.ServiceModel.Routing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\53b16e9e500081433b043c3148d10239\System.ServiceModel.Channels.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\593b48b531c3445e6dae067cc6879cdd\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.Framework.Mic#\9b17db1567cedc01fe2d6c7dc90b01ec\Datev.Framework.MicroKernel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB\d0a3586446af1f7aa101a31ac36dbc1d\Datev.ConfigDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5b0f72f144945b19324f94884e1e8699\System.ServiceModel.Activities.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll 
() MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\32c68615292d0e6fbc6d235dd541ee61\IAStorDataMgrSvcInterfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\7378eb7695a9b15e303df16d43a4084f\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Datev.ConfigDB.Inte#\614b0fe9393254fba76ddb4bf0235a6c\Datev.ConfigDB.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\58e0f357dbe7cd9fb85de22272bc8526\IAStorCommon.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll () MOD - C:\DATEV\SYSTEM\DVCCSASCMtf001.dll () MOD - C:\DATEV\SYSTEM\DVCCDBNETCONVAPIAX300.DLL () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (tor) -- C:\Program Files (x86)\Tor\tor.exe () SRV - (DatevPrintService) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe (DATEV eG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (DVckService) -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe (DATEV eG) SRV - (Sicherheitspaket-Dienst) -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe (DATEV eG) SRV - (DATEV Update-Service) -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe (DATEV eG) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Dcmanag) -- C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe (DATEV eG) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (SQLAgent$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (MSSQL$DATEV_DBENGINE) -- C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (KOBIL_MSDI) -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe (KOBIL Systems GmbH) SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (MSSQLFDLauncher$DATEV_DBENGINE) -- 
C:\Programme\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbguard.exe (FirebirdSQL Project) SRV - (FirebirdServerDefaultInstance) -- C:\Program Files (x86)\Firebird\Firebird_2_0\bin\fbserver.exe (FirebirdSQL Project) SRV - (Pervasive.SQL 2000 (transactional) -- C:\PVSW\Bin\NTBTRV.EXE () SRV - (Pervasive.SQL 2000 (relational) -- C:\PVSW\Bin\W3SQLMGR.EXE (Pervasive Software Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (KOBCCID) -- C:\Windows\SysNative\drivers\KOBCCID.sys (KOBIL Systems GmbH) DRV:64bit: - (KOBCCEX) -- C:\Windows\SysNative\drivers\KOBCCEX.sys (KOBIL Systems GmbH) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation) DRV:64bit: - (SC_SERV3D) -- C:\Windows\SysNative\drivers\d3_kafm.sys (Datev eG) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (SafeNet Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (SafeNet Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (SafeNet Inc.) 
DRV:64bit: - (RsFx0151) -- C:\Windows\SysNative\drivers\RsFx0151.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E F1 2E 88 E2 C0 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2012.11.12 20:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe64.dll (DATEV eG) O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO64002.dll (DATEV eG) O2 - BHO: (ProxTube) - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Fritzlar\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz) O2 - BHO: (DtvIePwdSafeBHO Class) - {6EF6B546-25FB-455B-801F-FDB3B3D39F9E} - C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] 
C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DATEV Update-Monitor] C:\DATEV\PROGRAMM\Install\DvInesASDMon.exe (DATEV eG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [SiPaHost] C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe (DATEV eG) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5) O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA25A358-378C-43F8-87B0-944DE5505E50}: NameServer = 192.168.7.56 O18:64bit: - 
Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.04.24 00:40:09 | 000,000,000 | R--D | M] - D:\AUTORUN -- [ UDF ] O32 - AutoRun File - [2009.10.01 12:01:20 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ] O33 - MountPoints2\{e3697d43-37bb-11e3-8ca7-4c72b9429b9d}\Shell - "" = AutoRun O33 - MountPoints2\{e3697d43-37bb-11e3-8ca7-4c72b9429b9d}\Shell\AutoRun\command - "" = F:\HTC_Sync_Manager_PC.exe O33 - MountPoints2\{e93678ce-dc6e-11e1-b78d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e93678ce-dc6e-11e1-b78d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2012.11.23 16:18:38 | 000,755,960 | R--- | M] (DATEV eG) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.01.24 14:21:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.01.24 14:19:45 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Fritzlar\Desktop\JRT.exe [2014.01.24 14:09:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.01.23 14:05:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fritzlar\Desktop\OTL.exe [2014.01.16 12:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2014.01.16 12:07:05 | 000,000,000 | ---D | C] -- C:\FRST [2014.01.16 10:41:26 | 000,000,000 | ---D | C] -- C:\Users\Fritzlar\AppData\Roaming\Malwarebytes [2014.01.16 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' 
Anti-Malware [2014.01.16 10:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.01.16 10:41:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.01.16 10:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2014.01.16 10:40:08 | 000,000,000 | ---D | C] -- C:\Users\Fritzlar\AppData\Local\Programs [2014.01.15 20:19:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 20:19:32 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 20:19:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.06 16:02:53 | 000,000,000 | -H-D | C] -- C:\Users\Fritzlar\AppData\Roaming\034DDA38 [2013.04.04 09:54:29 | 017,644,864 | ---- | C] (RIB Software AG ) -- C:\Users\Fritzlar\avasign_update.exe ========== Files - Modified Within 30 Days ========== [2014.01.24 14:24:55 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.01.24 14:24:55 | 000,029,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.01.24 14:24:35 | 001,799,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.01.24 14:24:35 | 000,762,792 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.01.24 14:24:35 | 000,718,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.01.24 14:24:35 | 000,173,498 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.01.24 14:24:35 | 000,146,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.01.24 14:16:53 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2014.01.24 14:16:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.01.24 14:16:17 | 3076,018,176 | -HS- | M] 
() -- C:\hiberfil.sys [2014.01.24 11:04:49 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Fritzlar\Desktop\JRT.exe [2014.01.24 11:01:48 | 001,236,282 | ---- | M] () -- C:\Users\Fritzlar\Desktop\adwcleaner.exe [2014.01.23 16:36:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2014.01.20 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fritzlar\Desktop\OTL.exe [2014.01.16 10:41:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.16 03:20:44 | 000,414,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.13 14:36:48 | 000,001,601 | -H-- | M] () -- C:\Users\Fritzlar\AppData\Roaming\body2.html ========== Files Created - No Company Name ========== [2014.01.24 14:09:45 | 001,236,282 | ---- | C] () -- C:\Users\Fritzlar\Desktop\adwcleaner.exe [2014.01.16 10:41:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.01.13 07:35:36 | 000,001,601 | -H-- | C] () -- C:\Users\Fritzlar\AppData\Roaming\body2.html [2013.02.04 10:23:54 | 000,001,505 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2013.02.04 10:03:08 | 000,000,227 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2012.08.09 20:53:13 | 000,004,985 | ---- | C] () -- C:\Users\Fritzlar\AppData\Local\EmptySettings.xml [2012.08.06 15:10:47 | 000,000,151 | ---- | C] () -- C:\Windows\ODBC.INI [2012.08.06 14:43:17 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2012.08.06 14:42:14 | 001,776,824 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.06 14:39:24 | 000,000,108 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2012.08.06 14:36:51 | 000,000,109 | ---- | C] () -- C:\Windows\Startup.INI [2012.08.06 14:21:17 | 000,000,052 | ---- | C] () -- C:\Windows\WUCADMIN.INI [2012.08.06 14:21:17 | 000,000,052 | ---- | C] () -- C:\Windows\W32UCADM.INI [2012.08.06 13:06:48 | 000,000,000 | ---- 
| C] () -- C:\Windows\efibu.ini [2012.08.06 12:49:58 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\Vamngr32.dll [2012.08.06 12:46:10 | 000,000,363 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.08.06 12:45:38 | 000,000,184 | ---- | C] () -- C:\Windows\BTI.INI [2012.07.03 11:27:17 | 000,000,110 | ---- | C] () -- C:\Windows\Bench32.INI [2012.07.03 09:46:03 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.07.03 09:46:02 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.07.03 09:45:34 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.07.03 09:45:34 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.07.03 09:44:22 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.07.03 09:44:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.07.03 09:43:35 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.07.03 09:43:09 | 013,214,720 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2013.11.14 01:00:04 | 104,165,720 | ---- | M] ()(C:\Windows\SysWow64\???¶) -- C:\Windows\SysWow64\騤眒�¶
[2013.10.30 00:59:15 | 104,165,720 | ---- | C] ()(C:\Windows\SysWow64\???¶) -- C:\Windows\SysWow64\騤眒�¶
< End of report >

So many characters, but no idea what it all means. In any case, the PC still runs after removing all those files with Malwarebytes. Can I set up my e-mail account in Outlook again now? I had taken all of that out so that no further mails would be sent. I had also changed the password for the e-mail access. Best regards, Mia |
25.01.2014, 12:11 | #8 |
/// the machine /// TB trainer | Malwarebytes log file - e-mail sends spam on its own
Yes, you can do that.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |