Plagegeister aller Art und deren Bekämpfung: Windows Vista: Opened zip attachment of an email with a fake invoice - afraid of a virus. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
21.01.2014, 22:26 | #1 |
| Windows Vista: Opened zip attachment of an email with a fake invoice - afraid of a virus Hello dear team, I urgently need your help. Today I stupidly opened an email attachment, more precisely a zip file from a fake invoice, and after researching on the internet I am now afraid that a virus could completely cripple my laptop. I would be very glad of any help, as I know nothing at all about computers/laptops. Many thanks in advance. Kind regards, Butterfly 16 |
21.01.2014, 22:56 | #2 |
/// the machine /// TB Trainer | Windows Vista: Opened zip attachment of an email with a fake invoice - afraid of a virus hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
21.01.2014, 23:23 | #3 |
| Windows Vista: Opened zip attachment of an email with a fake invoice - afraid of a virus FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014 Ran by Samira (administrator) on SAMIRA-PC on 21-01-2014 23:19:45 Running from C:\Users\Samira\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe (TuneUp Software) C:\Windows\System32\TUProgSt.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Packard Bell BV) C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (PixArt Imaging Incorporation) C:\Windows\Pixart\Pac7302\Monitor.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Apple Inc.) 
C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe (Spotify Ltd) C:\Users\Samira\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (Dropbox, Inc.) C:\Users\Samira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe (Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Cisco Systems, Inc.) 
C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashUtil10q_ActiveX.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Users\Samira\AppData\Local\Temp\HouseCall\housecall.bin (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6265376 2008-08-04] (Realtek Semiconductor) HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google) HKLM\...\Run: [SmpcSys] - C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM\...\Run: [PAC7302_Monitor] - C:\Windows\Pixart\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation) HKLM\...\Run: [Skytel] - C:\Windows\Skytel.exe [1833504 2008-08-04] (Realtek Semiconductor Corp.) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.) 
HKLM\...\Run: [] - [x] HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-19] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH) HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\ezShellStart.exe HKCU\...\Run: [SmpcSys] - C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [1038136 2008-07-07] (Packard Bell BV) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-10-09] (Google Inc.) HKCU\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony) HKCU\...\Run: [HP Photosmart 5520 series (NET)] - C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\Samira\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1105408 2013-08-02] (Spotify Ltd) HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59872 2012-12-17] (Apple Inc.) 
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -update activex [240288 2011-05-23] (Adobe Systems, Inc.) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKCU\...\Policies\Explorer: [NoLogoff] 0 MountPoints2: {865877c5-2d20-11df-abd8-00059a3c7800} - F:\autorun.bat MountPoints2: {b5de1e27-2179-11df-a1fb-00269e3e4172} - F:\shelexec.exe .\Html-Anleitung\index.htm MountPoints2: {d5c1f6a4-26d5-11df-9aff-00269e3e4172} - F:\shelexec.exe .\Html-Anleitung\index.htm HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Samira\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Photosmart 5520 series (Netzwerk).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0909&m=easynote_mh36 SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW SearchScopes: HKCU - DefaultScope {03159EC7-6646-4512-AC65-690AE8A20B36} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {03159EC7-6646-4512-AC65-690AE8A20B36} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt SearchScopes: HKCU - {07F6F4D2-76FB-411C-A091-1EA8613FD8CC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=583a7e0c-fd4a-4888-ac19-ad43793d5444&apn_sauid=79F3EECD-D282-492C-9A4F-9035B616BF5B SearchScopes: HKCU - {35414CE3-0FDA-4DC2-9748-E22DDECBD211} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {3EB0173B-7CBA-47FE-B4EB-BD5FD963C9CB} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {4ACB0E1A-1369-424E-A7E5-C901DF970519} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741435057&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt SearchScopes: HKCU - {6F27DB61-25F8-4F75-B6A9-C3DA7B912B1F} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {A7345C8A-B5DB-44C2-8A08-B2BAEFF52ABC} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce SearchScopes: HKCU - {AC129BF9-68BF-4bc4-A1DC-ECB62712FF99} URL = hxxp://search.kikin.com/search/?q={searchTerms} SearchScopes: HKCU - {FB8B59F8-FD89-49C1-8401-64CAE413973A} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=4666642e-93cb-494d-9b40-30149c6d52f0&pid=icqt&mode=bounce BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll [49152 2009-10-09] (EasyBits Software Corp.) ShellExecuteHooks: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ] Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-10.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-11.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-5.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-8.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\icqplugin-9.xml FF SearchPlugin: C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: Microsoft .NET Framework Assistant - 
C:\Users\Samira\AppData\Roaming\Mozilla\Firefox\Profiles\m3sbls8f.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-01-11] FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-04-20] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
CHR Extension: (Google Drive) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-21] CHR Extension: (Google Wallet) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (Bitdefender QuickScan) - C:\Users\Samira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-21] CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Samira\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx [2014-01-21] ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-19] (Avira Operations GmbH & Co. KG) S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-21] (Google) S2 gupdate1ca4ce3cb650f18; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-10-14] (Google Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.) 
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360192 2009-10-09] (TuneUp Software) R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [603904 2009-10-09] (TuneUp Software) R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.) ==================== Drivers (Whitelisted) ==================== R3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [40304 2013-10-10] (Cisco Systems, Inc.) R3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58736 2013-10-10] (Cisco Systems, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [98432 2008-02-27] (Guillemot Corporation) S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.) S4 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.) S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457984 2007-09-10] (PixArt Imaging Inc.) R3 pfc; C:\Windows\System32\drivers\pfc.sys [10368 2009-10-10] (Padus, Inc.) 
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [200976 2011-06-21] (Trend Micro Inc.) S3 EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-21 23:19 - 2014-01-21 23:19 - 00030041 _____ C:\Users\Samira\Downloads\FRST.txt 2014-01-21 23:19 - 2014-01-21 23:19 - 00000000 ____D C:\FRST 2014-01-21 23:18 - 2014-01-21 23:19 - 01222144 _____ (Farbar) C:\Users\Samira\Downloads\FRST.exe 2014-01-21 23:07 - 2014-01-21 23:07 - 00000000 ____D C:\Users\Samira\AppData\Roaming\QuickScan 2014-01-21 22:57 - 2011-06-21 05:09 - 00200976 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys 2014-01-21 22:56 - 2014-01-21 22:56 - 00000036 _____ C:\Users\Samira\AppData\Local\housecall.guid.cache 2014-01-21 21:55 - 2014-01-21 21:55 - 00048827 _____ C:\Users\Samira\Downloads\Forderung der abgewiesenen Buchung 16.01.2014 - beauftragte Anwaltschaft.zip 2014-01-21 21:41 - 2013-10-10 22:29 - 00040304 ____R (Cisco Systems, Inc.) 
C:\Windows\system32\Drivers\acsint.sys 2014-01-16 15:29 - 2014-01-16 15:29 - 00465800 _____ C:\Users\Samira\Downloads\KIC1 (1).ZIP 2014-01-16 15:25 - 2014-01-16 15:25 - 01501314 _____ C:\Users\Samira\Downloads\KIC2 (1).ZIP 2014-01-14 16:30 - 2014-01-14 16:30 - 00007939 _____ C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung.htm 2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung_files ==================== One Month Modified Files and Folders ======= 2014-01-21 23:19 - 2014-01-21 23:19 - 00030041 _____ C:\Users\Samira\Downloads\FRST.txt 2014-01-21 23:19 - 2014-01-21 23:19 - 00000000 ____D C:\FRST 2014-01-21 23:19 - 2014-01-21 23:18 - 01222144 _____ (Farbar) C:\Users\Samira\Downloads\FRST.exe 2014-01-21 23:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-21 23:16 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-21 23:07 - 2014-01-21 23:07 - 00000000 ____D C:\Users\Samira\AppData\Roaming\QuickScan 2014-01-21 23:06 - 2009-09-20 12:21 - 02013979 _____ C:\Windows\WindowsUpdate.log 2014-01-21 23:00 - 2009-10-09 21:43 - 00000502 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2014-01-21 22:56 - 2014-01-21 22:56 - 00000036 _____ C:\Users\Samira\AppData\Local\housecall.guid.cache 2014-01-21 22:37 - 2009-10-14 16:46 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-21 22:28 - 2013-06-13 21:05 - 00000000 ____D C:\Users\Samira\Desktop\Masterbewerbung 2014-01-21 21:55 - 2014-01-21 21:55 - 00048827 _____ C:\Users\Samira\Downloads\Forderung der abgewiesenen Buchung 16.01.2014 - beauftragte Anwaltschaft.zip 2014-01-21 21:51 - 2009-10-14 16:46 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-21 21:41 - 2011-01-17 17:22 - 00000000 ____D 
C:\ProgramData\Cisco 2014-01-21 21:41 - 2011-01-17 17:22 - 00000000 ____D C:\Program Files\Cisco 2014-01-20 17:23 - 2012-05-10 22:09 - 00000000 ___RD C:\Users\Samira\Dropbox 2014-01-20 17:23 - 2012-05-10 22:04 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Dropbox 2014-01-20 17:21 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-20 14:39 - 2006-11-02 14:01 - 00032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2014-01-19 23:06 - 2008-01-21 08:16 - 01432888 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-19 23:05 - 2013-05-19 23:44 - 00002388 _____ C:\Windows\setupact.log 2014-01-17 11:28 - 2013-04-05 23:55 - 00006964 _____ C:\Windows\PFRO.log 2014-01-17 04:08 - 2013-03-05 01:05 - 00000000 ____D C:\Users\Samira\AppData\Local\DCA7282E-374F-4DB6-8137-0B78279961EC.aplzod 2014-01-16 15:29 - 2014-01-16 15:29 - 00465800 _____ C:\Users\Samira\Downloads\KIC1 (1).ZIP 2014-01-16 15:25 - 2014-01-16 15:25 - 01501314 _____ C:\Users\Samira\Downloads\KIC2 (1).ZIP 2014-01-16 15:03 - 2009-01-08 17:34 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-16 15:02 - 2013-08-16 02:06 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 14:58 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-01-16 00:39 - 2013-04-19 11:32 - 00109706 _____ C:\Windows\DpInst.log 2014-01-16 00:29 - 2012-11-30 23:51 - 00001881 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk 2014-01-16 00:29 - 2009-01-08 17:29 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2014-01-14 16:30 - 2014-01-14 16:30 - 00007939 _____ C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung.htm 2014-01-14 16:30 - 2014-01-14 16:30 - 00000000 ____D C:\Users\Samira\Desktop\Sparkasse am Niederrhein O2 (35450000) - SEPA Überweisung_files 2014-01-09 13:35 - 2009-11-25 21:46 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Apple Computer 2014-01-09 13:35 - 2009-11-25 21:46 - 00000000 ____D 
C:\Users\Samira\AppData\Local\Apple Computer 2014-01-08 13:06 - 2012-05-10 22:05 - 00000000 ____D C:\Users\Samira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-01-08 13:06 - 2010-03-06 10:33 - 00001336 _____ C:\Windows\wininit.ini 2014-01-02 20:18 - 2009-10-09 19:21 - 00000000 ____D C:\Users\Samira\AppData\Local\Google Some content of TEMP: ==================== C:\Users\Samira\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-20 17:29 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014 Ran by Samira at 2014-01-21 23:20:55 Running from C:\Users\Samira\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft) ACDSee 9 Foto-Manager (Version: 9.0.55 - ACD Systems Ltd.) Adobe Flash Player 10 ActiveX (Version: 10.3.181.14 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.0.1.152 - Adobe Systems Incorporated) Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Adobe Photoshop Elements 6.0 (Version: 6.0 - Adobe Systems, Inc.) Hidden Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4 - Adobe Systems Incorporated) Aldi Süd Foto Service 4.6 (Version: 4.6 - ORWO Net) Aldi Sued Fotoservice 2.7 (Version: - ) ALDI Süd Online Druck Service 4.6 (Version: 4.6 - ORWO Net) Apple Application Support (Version: 2.3.3 - Apple Inc.) Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Avanquest update (Version: 1.28 - Avanquest Software) Avira Free Antivirus (Version: 14.0.2.286 - Avira) Bing Bar (Version: 7.3.124.0 - Microsoft Corporation) Bonjour (Version: 3.0.0.10 - Apple Inc.) CCleaner (remove only) (Version: - Piriform) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072 - Cisco Systems, Inc.) 
Hidden Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation) dm-Fotowelt (Version: 5.0.1 - CEWE COLOR AG u Co. OHG) Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.) EasyBits Magic Desktop (Version: - ) EPSON Printer Software (Version: - ) Google Chrome (Version: 32.0.1700.76 - Google Inc.) Google Desktop (Version: 5.9.1005.12335 - Google) Google Earth (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Graboid Video 3.45 (Version: 3.45 - Graboid Inc.) Graboid Video 3.45 Setup (Version: 3.4.5 - FUSENET) HDRegDE (Version: 2.0.0 - Acxiom) Hercules Classic Link Webcam (Version: 2.8.0.0 - Hercules) HP Photo Creations (Version: 1.0.0.7702 - HP) HP Photosmart 5520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Photosmart 5520 series Hilfe (Version: 27.0.0 - Hewlett Packard) HP Update (Version: 5.003.003.001 - Hewlett-Packard) iCloud (Version: 2.1.1.3 - Apple Inc.) ICQ Away Reader 1.4 (Version: - murb.com) ICQ7.4 (Version: 7.4 - ICQ) Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation) iTunes (Version: 11.0.2.26 - Apple Inc.) Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 37 (Version: 6.0.370 - Oracle) Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) 
MetaBoli (Version: 1.00.0000 - ) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 
2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (Version: 9.7.0621 - Microsoft Corporation) Hidden Microsoft Works 9.0 SE (Version: - ) MobileMe Control Panel (Version: 3.1.5.0 - Apple Inc.) 
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1 - Mozilla) Mozilla Maintenance Service (Version: 20.0.1 - Mozilla) MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 8 Essentials (Version: 8.3.389 - Nero AG) neroxml (Version: 1.0.0 - Nero AG) Hidden Packard Bell ImageWriter (Version: 1.00.0000 - ) Packard Bell Updator (Version: 3.00.0000 - ) PDF24 Creator 5.6.0 (Version: - PDF24.org) PDFCreator (Version: 1.5.1 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v6.5 (Version: 6.5 - Spigot, Inc.) <==== ATTENTION QuickTime (Version: 7.73.80.64 - Apple Inc.) Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek) Realtek High Definition Audio Driver (Version: 6.0.1.5678 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.) Safari (Version: 5.34.57.2 - Apple Inc.) SecureW2 EAP Suite 1.1.3 for Windows (Version: - ) Setup My PC (Version: 3.00.0000 - ) Skype Toolbars (Version: 1.0.4051 - Skype Technologies S.A.) Skype™ 6.0 (Version: 6.0.126 - Skype Technologies S.A.) Sony Ericsson Update Engine (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB) Sony PC Companion 2.10.188 (Version: 2.10.188 - Sony) Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated) Spotify (HKCU Version: 0.9.0.133.gd18ed589 - Spotify AB) Studie zur Verbesserung von HP Photosmart 5520 series Produkten (Version: 28.0.1315.0 - Hewlett-Packard Co.) Total Commander (Remove or Repair) (Version: - ) TuneUp Utilities 2009 (Version: 8.0.2000.35 - TuneUp Software) Universal Document Converter (Demo) (Version: 5.3 - fCoder Group, Inc.) 
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft) Update Service (Version: 2.9.11.10 - Sony Ericsson Mobile Communications AB) VGA USB Camera (Version: 1.2.0.0 - ) Vista Codec Package (Version: 5.3.2 - Shark007) VLC media player 1.0.1 (Version: 1.0.1 - VideoLAN Team) Windows 7 Upgrade Advisor (Version: 2.0.5000.0 - Microsoft Corporation) Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Fotogalerie (Version: 14.0.8051.1204 - Microsoft Corporation) Hidden Windows Live ID-Anmelde-Assistent (Version: 6.500.3165.0 - Microsoft Corporation) Windows Live Mail (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live Sync 
(Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Writer (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Restore Points ========================= 17-12-2013 12:51:36 Geplanter Prüfpunkt 02-01-2014 14:16:39 Geplanter Prüfpunkt 14-01-2014 17:40:03 Geplanter Prüfpunkt 15-01-2014 23:29:54 Sony Ericsson PC Suite Drivers 15-01-2014 23:38:57 Sony PC Companion 16-01-2014 13:55:34 Windows Update 17-01-2014 02:43:27 Geplanter Prüfpunkt 20-01-2014 17:12:48 Geplanter Prüfpunkt 21-01-2014 09:45:48 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {088D7CE9-6C8B-4013-A3BA-2E9EA7BF38C5} - System32\Tasks\{7D7A6E57-9442-41FB-825A-7177B85E91AB} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206 Task: {0F58900D-B319-480A-B1B6-3DB935D7837A} - System32\Tasks\{11AD902C-9A2C-4ABC-9F8F-1E9FA189AED5} => C:\Program Files\Skype\Phone\Skype.exe [2012-11-09] (Skype Technologies S.A.) 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {3CF61B3C-9E56-4166-BDC1-0FB42B27083D} - System32\Tasks\{FDC7307C-AF37-465C-B296-52DA08B5822C} => Chrome.exe hxxp://ui.skype.com/ui/0/5.9.0.115.217/en/abandoninstall?page=tsMain Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {52792633-6C0F-48D2-8979-CD7486577EE2} - System32\Tasks\HP AR Program Upload - 43807665ed9144b0b52fc5c9a9aaefdc3d6e8e9cd5754fc98499a590a3e57ffe => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {5F565FCD-76C5-4126-8045-E7712106D017} - System32\Tasks\1-Klick-Wartung => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11] (TuneUp Software GmbH) Task: {75765EF4-BCF5-4FC0-BF16-BD1358A7FF90} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {7D03E8B7-D299-489D-8AAB-4864BA121B27} - System32\Tasks\{77393045-CBB6-43A0-A9FF-2757E23C3676} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206 Task: {96AA2E92-DFAA-4D26-A827-8DC2DCB88A9D} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Samira => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation) Task: {9F377148-AC53-4B92-8DB0-4E53A03B0353} - System32\Tasks\HP AR Program Upload - f99cf1f8d4b348e1878f7c603d03abb46da0082a8b174f489611660b688537a6 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>) Task: {B804E8F2-F312-4C65-A053-CE1D3795AD14} - 
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14] (Google Inc.) Task: {CD67070F-FDE5-467D-83E9-3D19365284B3} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {CD84DB2D-2478-4386-B3BE-8A680B6238C3} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2012-12-17] (Apple Inc.) Task: {DF7D0833-3C05-42B4-A77E-A69590539E35} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {ED1F9F41-C757-4A2C-8EEA-0847EE210002} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {F689AB73-58A5-4BB4-9EE9-79C0D0876F9C} - System32\Tasks\{3303A07A-296E-4134-9BEE-6ACA5504C40E} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.166.217&LastError=206 Task: {F714BC01-AE23-4E26-B4CE-5A02029DC7D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-14] (Google Inc.) 
Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\User_Feed_Synchronization-{3626E1E3-17D2-4B2D-AEA9-D7587A15B117}.job => C:\Windows\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2009-01-08 17:41 - 2010-07-21 20:22 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2012-11-30 23:51 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll 2012-11-30 23:51 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Samira\AppData\Roaming\Dropbox\bin\libcef.dll 2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-01-17 03:59 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-17 03:59 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-17 03:59 - 2014-01-11 11:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2014-01-17 03:59 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll 2014-01-17 14:58 - 2014-01-17 14:58 - 04591616 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\User 
Data\SwiftShader\1.0.5.0\libglesv2.dll 2014-01-17 14:58 - 2014-01-17 14:58 - 00112128 _____ () C:\Users\Samira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll 2014-01-21 22:57 - 2009-07-03 06:52 - 00151552 _____ () C:\Users\Samira\AppData\Local\Temp\HouseCall\libexpatw.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Tun-Miniportadapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunmp Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20991026 Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20991026 Error: (01/21/2014 09:36:43 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20989856 Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20989856 Error: (01/21/2014 09:36:42 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/21/2014 09:36:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 20987625 Error: (01/21/2014 09:36:41 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 20987625 Error: (01/21/2014 09:36:40 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/21/2014 03:46:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1185 System errors: ============= Error: (01/20/2014 05:22:47 PM) (Source: Service Control Manager) (User: ) Description: 30000vpnagent Error: (01/20/2014 05:22:47 PM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Error: (01/20/2014 02:31:15 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LISA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DD2255CA-E577-4C06-80FB-1EAABB772D-Transport zu sein scheint. 
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/20/2014 02:28:42 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.1.39 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (01/19/2014 06:19:36 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.1.35 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (01/18/2014 05:04:39 PM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LISA-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6297B51E-03A0-4971-ACDF-83734768D7-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (01/17/2014 05:13:23 PM) (Source: Tcpip) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.1.34 mit dem Computer mit der Netzwerkhardwareadresse 18-20-32-7A-03-2B ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (01/17/2014 04:47:28 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error: (01/17/2014 02:47:13 PM) (Source: Dhcp) (User: ) Description: Die IP-Adresslease 192.168.1.37 für die Netzwerkkarte mit der Netzwerkadresse 0017C4AF0B92 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error: (01/17/2014 11:30:45 AM) (Source: Service Control Manager) (User: ) Description: Parallel port driver%%1058 Microsoft Office Sessions: ========================= Error: (08/01/2013 03:15:56 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14862 seconds with 10080 seconds of active time. This session ended with a crash. Error: (08/01/2013 11:05:42 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5794 seconds with 300 seconds of active time. This session ended with a crash. Error: (07/28/2013 07:06:13 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6485 seconds with 2400 seconds of active time. This session ended with a crash. Error: (07/28/2013 05:17:52 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10027 seconds with 5820 seconds of active time. This session ended with a crash. Error: (04/05/2013 10:05:08 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 723 seconds with 300 seconds of active time. This session ended with a crash. Error: (07/31/2012 05:59:01 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. 
This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/19/2011 05:58:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/19/2011 05:57:39 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/14/2011 02:32:44 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error: (12/05/2011 10:35:57 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2012-08-25 01:04:01.816 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:04:01.445 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-08-25 01:04:01.070 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:04:00.685 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:04:00.287 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:03:59.904 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:03:59.515 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:03:59.053 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-25 01:03:58.618 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-08-25 01:03:58.183 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Common Files\Spigot\Search Settings\wth.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 60% Total physical RAM: 2971.98 MB Available physical RAM: 1174.98 MB Total Pagefile: 6184.25 MB Available Pagefile: 4053.39 MB Total Virtual: 2047.88 MB Available Virtual: 1902.21 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:86.49 GB) (Free:1.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: (Samira) (Fixed) (Total:198.6 GB) (Free:186.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: A013DCE6) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=86 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=199 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.01.2014, 16:15 | #4 | |
/// the machine /// TB-Ausbilder | Windows Vista: Opened the zip attachment of an email with a fake invoice - afraid of a virus Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
22.01.2014, 21:01 | #5 |
| Windows Vista: Opened the zip attachment of an email with a fake invoice - afraid of a virus Unfortunately it did not work. I could not save Combofix.exe to the desktop, and afterwards my Avira and my Windows Defender no longer worked properly. |
23.01.2014, 19:17 | #6 |
/// the machine /// TB-Ausbilder | Windows Vista: Opened the zip attachment of an email with a fake invoice - afraid of a virus Could you be a bit more specific? |