Suspected virus: Ihre Telekom Mobilfunk RechnungOnline für Geschäftskunden 441457467125403501 vom 14.01.2014 (Windows 7)

#1
Dear people at TB! I also received the manipulated "Telekom invoice" and unfortunately, without being suspicious, clicked the link in it on 14.01.14. A window then opened, but nothing apparent happened. The AVG antivirus program also reported nothing. There was no attached file. Are there any negative consequences? Perhaps you already have experience with these e-mails. A friend pointed me to you, so I ask (if at all possible) for a review of the corresponding reports (logs) from the scanning programs. What may be worth mentioning: on the first run of GMER there was a system crash with an automatic restart (so I did not tick the box in front of Devices). If it helps at all, I can also forward you the corrupt e-mail I received. Many thanks in advance, Michael.

1) from step 1: defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:28 on 25/01/2014 (MICHAEL)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-01-2014 01
Ran by MICHAEL (administrator) on ERIKAJETTEL-HP on 25-01-2014 18:27:56
Running from C:\Users\MICHAEL\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(InternetSafety.com, Inc.) C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Protexis Inc.)
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe (Microsoft) C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (Hewlett-Packard, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE (McAfee, Inc.) C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Yontoo LLC) C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (pdfforge hxxp://www.pdfforge.org/) C:\Program Files (x86)\PDFCreator\PDFCreator.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe () C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (ABBYY.) C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (InternetSafety.com, Inc.) C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] () HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD) HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] () HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Bonus.SSR.FR11] - C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe [925960 2011-08-19] (ABBYY.) HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\runonceex: [ContentMerger] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.) 
HKCU\...\Run: [Yontoo Desktop] - C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-13] (Yontoo LLC) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {5a132a90-7e4a-11e0-a7d9-78acc0ace4dc} - "E:\WD SmartWare.exe" autoplay=true HKU\Chris\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKU\Chris\...\Run: [Amazon Cloud Player] - C:\Users\Chris\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3145536 2013-12-12] () HKU\Chris\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Chris\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () HKU\Chris\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-11] (Adobe Systems Incorporated) HKU\Chris\...\Policies\system: [LogonHoursAction] 2 HKU\Chris\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Erika JETTEL\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKU\Erika JETTEL\...\Policies\system: [LogonHoursAction] 2 HKU\Erika JETTEL\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Erika JETTEL.ErikaJETTEL-HP\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKU\Erika JETTEL.ErikaJETTEL-HP\...\Policies\system: [LogonHoursAction] 2 HKU\Erika JETTEL.ErikaJETTEL-HP\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKU\REBEKKA\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common 
Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-19] (Hewlett-Packard Company) HKU\REBEKKA\...\Policies\system: [LogonHoursAction] 2 HKU\REBEKKA\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 AppInit_DLLs-x32: c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll => File Not Found Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\MICHAEL\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Erika JETTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\MICHAEL\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\MICHAEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\REBEKKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\MICHAEL\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=30765ff476c049729a08cc798602b933&tu=10GXy008w2B0CO0&sku=&tstsId=&ver=& HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/4 URLSearchHook: HKLM-x32 - (No Name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No File SearchScopes: HKLM - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMDTDF SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238 SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF SearchScopes: HKCU - DefaultScope {F7F6F1FC-6D50-4C7A-99DC-E6571882467E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=30765ff476c049729a08cc798602b933&tu=10GX0006f2B000c&sku=&tstsId=&ver=&&r=897 SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={F7A716E2-4EA0-40BD-B092-9830C6098F2C}&mid=cbd3f6eca18d47d1ba80a9e586480d2f-44b9bc154be3b764088a5a65387d62daea1b6d8c&lang=de&ds=AVG&pr=fr&d=2012-06-23 16:02:34&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} SearchScopes: HKCU - {F7F6F1FC-6D50-4C7A-99DC-E6571882467E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=30765ff476c049729a08cc798602b933&tu=10GX0006f2B000c&sku=&tstsId=&ver=&&r=897 BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in 
Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD) BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: ZoneAlarm Do Not Track Me - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPAddon.dll (Abine Inc) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File Toolbar: HKCU - No Name - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default FF user.js: detected! => C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default\user.js FF NewTab: hxxp://isearch.babylon.com/?affID=119849&babsrc=NT_ss&mntrId=E2F078ACC0ACE4DC FF DefaultSearchEngine: AVG Secure Search FF SearchEngineOrder.1: Search By ZoneAlarm FF SelectedSearchEngine: AVG Secure Search FF Homepage: hxxp://www.gmx.at/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies) FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\DATEN\9_TEMP\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default\searchplugins\zonealarm.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ZoneAlarm Do Not Track - C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default\Extensions\donottrack@checkpoint.com [2013-02-17] FF Extension: Babylon Toolbar - C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default\Extensions\ffxtlbr@babylon.com 
[2013-03-30] FF Extension: Yontoo - C:\Users\MICHAEL\AppData\Roaming\Mozilla\Firefox\Profiles\wbw2hc5m.default\Extensions\plugin@yontoo.com [2013-03-29] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-18] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49 [2014-01-09] FF HKCU\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [819976 2011-08-18] (ABBYY) S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] () S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-07-24] (McAfee, Inc.) R2 mfeicfcore; C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2765968 2013-07-31] (McAfee, Inc.) R2 mfeicfupdate; C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2316328 2013-07-31] (InternetSafety.com, Inc.) 
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-07-24] (McAfee, Inc.) R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD) R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search) R2 Yontoo Desktop Updater; C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-03-13] (Yontoo LLC) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-07-24] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-07-24] (McAfee, Inc.) 
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-07-24] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343312 2013-07-24] (McAfee, Inc.) R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-25 18:27 - 2014-01-25 18:28 - 00025183 _____ C:\Users\MICHAEL\Desktop\FRST.txt 2014-01-25 18:23 - 2014-01-25 18:23 - 00000000 ____D C:\FRST 2014-01-25 18:20 - 2014-01-25 18:20 - 02077696 _____ (Farbar) C:\Users\MICHAEL\Desktop\FRST64.exe 2014-01-25 17:54 - 2014-01-25 17:54 - 00370971 _____ C:\Users\MICHAEL\Desktop\gmer_2.1.19355.zip 2014-01-25 15:28 - 2014-01-25 15:28 - 00000476 _____ C:\Users\MICHAEL\Desktop\defogger_disable.log 2014-01-25 15:28 - 2014-01-25 15:28 - 00000000 _____ C:\Users\MICHAEL\defogger_reenable 2014-01-25 15:23 - 2014-01-25 15:23 - 00050477 _____ C:\Users\MICHAEL\Desktop\Defogger.exe 2014-01-21 21:56 - 2014-01-21 21:56 - 00380416 _____ C:\Users\MICHAEL\Desktop\gmer.exe 2014-01-16 11:25 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-16 11:25 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbd.sys
2014-01-16 11:25 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 11:25 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:46 - 2014-01-12 17:46 - 00187669 _____ C:\Users\Chris\Downloads\Exercise Prudky- Jettel.pptx
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Amazon
2014-01-04 16:33 - 2014-01-04 16:33 - 00000000 ____D C:\Users\Chris\Documents\Amazon MP3
2014-01-04 16:33 - 2014-01-04 16:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-04 16:32 - 2014-01-04 16:32 - 02328864 _____ C:\Users\Chris\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-04 16:31 - 2014-01-04 16:31 - 00001218 _____ C:\Users\Chris\Desktop\Amazon Cloud Player.lnk
2014-01-04 16:31 - 2014-01-04 16:31 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-04 16:31 - 2014-01-04 16:31 - 00000000 ____D C:\Users\Chris\AppData\Local\Amazon Cloud Player
2014-01-04 16:30 - 2014-01-04 16:30 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Brother
2014-01-04 16:29 - 2014-01-04 16:30 - 36152456 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-04 13:24 - 2014-01-04 13:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Hewlett-Packard
2014-01-04 12:53 - 2014-01-04 12:53 - 00000000 ____D C:\Users\Chris\AppData\Local\Hewlett-Packard

==================== One Month Modified Files and Folders =======

2014-01-25 18:28 - 2014-01-25 18:27 - 00025183 _____ C:\Users\MICHAEL\Desktop\FRST.txt
2014-01-25 18:23 - 2014-01-25 18:23 - 00000000 ____D C:\FRST
2014-01-25 18:20 - 2014-01-25 18:20 - 02077696 _____ (Farbar) C:\Users\MICHAEL\Desktop\FRST64.exe
2014-01-25 18:20 - 2011-03-17 19:38 - 01491660 _____ C:\Windows\WindowsUpdate.log
2014-01-25 17:54 - 2014-01-25 17:54 - 00370971 _____ C:\Users\MICHAEL\Desktop\gmer_2.1.19355.zip
2014-01-25 17:40 - 2013-10-14 07:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 17:29 - 2011-06-24 08:06 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 17:22 - 2011-04-25 20:52 - 00000000 ____D C:\ProgramData\MFAData
2014-01-25 15:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 15:36 - 2009-07-14 05:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 15:28 - 2014-01-25 15:28 - 00000476 _____ C:\Users\MICHAEL\Desktop\defogger_disable.log
2014-01-25 15:28 - 2014-01-25 15:28 - 00000000 _____ C:\Users\MICHAEL\defogger_reenable
2014-01-25 15:28 - 2011-05-01 15:45 - 00000000 ____D C:\Users\MICHAEL
2014-01-25 15:23 - 2014-01-25 15:23 - 00050477 _____ C:\Users\MICHAEL\Desktop\Defogger.exe
2014-01-25 15:00 - 2013-06-03 20:28 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-25 15:00 - 2011-06-24 08:06 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 14:36 - 2013-12-17 17:38 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Dropbox
2014-01-25 12:07 - 2011-03-17 20:14 - 00654150 _____ C:\Windows\system32\perfh007.dat
2014-01-25 12:07 - 2011-03-17 20:14 - 00130022 _____ C:\Windows\system32\perfc007.dat
2014-01-25 12:07 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 11:22 - 2013-12-17 17:39 - 00000000 ___RD C:\Users\Chris\Dropbox
2014-01-25 11:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 11:13 - 2009-07-14 05:51 - 00103179 _____ C:\Windows\setupact.log
2014-01-22 17:48 - 2011-05-31 20:18 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-21 21:56 - 2014-01-21 21:56 - 00380416 _____ C:\Users\MICHAEL\Desktop\gmer.exe
2014-01-17 16:55 - 2009-07-14 05:45 - 00361080 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 22:44 - 2011-04-25 19:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 22:43 - 2013-08-10 21:01 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 22:41 - 2011-05-04 17:15 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-12 17:46 - 2014-01-12 17:46 - 00187669 _____ C:\Users\Chris\Downloads\Exercise Prudky- Jettel.pptx
2014-01-09 17:26 - 2013-06-27 13:07 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-09 17:26 - 2011-12-08 10:57 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-07 15:10 - 2013-12-17 17:39 - 00001027 _____ C:\Users\Chris\Desktop\Dropbox.lnk
2014-01-07 15:10 - 2013-12-17 17:38 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-07 15:10 - 2013-12-17 17:37 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-07 15:08 - 2012-02-25 13:49 - 00000000 ____D C:\Users\Erika JETTEL\AppData\Roaming\Dropbox
2014-01-07 15:08 - 2011-04-22 17:17 - 00000000 ___RD C:\Users\Erika JETTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-05 19:58 - 2011-12-04 18:42 - 00000000 ____D C:\Users\MICHAEL\AppData\Roaming\Skype
2014-01-05 16:26 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-04 16:34 - 2014-01-04 16:34 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Amazon
2014-01-04 16:33 - 2014-01-04 16:33 - 00000000 ____D C:\Users\Chris\Documents\Amazon MP3
2014-01-04 16:33 - 2014-01-04 16:33 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-04 16:32 - 2014-01-04 16:32 - 02328864 _____ C:\Users\Chris\Downloads\AmazonMP3DownloaderInstall._V383688031_.exe
2014-01-04 16:31 - 2014-01-04 16:31 - 00001218 _____ C:\Users\Chris\Desktop\Amazon Cloud Player.lnk
2014-01-04 16:31 - 2014-01-04 16:31 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-01-04 16:31 - 2014-01-04 16:31 - 00000000 ____D C:\Users\Chris\AppData\Local\Amazon Cloud Player
2014-01-04 16:30 - 2014-01-04 16:30 - 00000000 ___RD C:\Users\Chris\AppData\Roaming\Brother
2014-01-04 16:30 - 2014-01-04 16:29 - 36152456 _____ (Amazon) C:\Users\Chris\Downloads\AmazonCloudPlayerInstaller_399.exe
2014-01-04 15:32 - 2013-12-17 17:37 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Adobe
2014-01-04 15:32 - 2013-12-17 17:37 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2014-01-04 13:24 - 2014-01-04 13:24 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Hewlett-Packard
2014-01-04 12:53 - 2014-01-04 12:53 - 00000000 ____D C:\Users\Chris\AppData\Local\Hewlett-Packard
2014-01-04 12:51 - 2013-12-17 19:26 - 00000000 ____D C:\Users\Chris\AppData\Local\Mozilla
2013-12-28 12:06 - 2011-05-01 17:54 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{BB0032F1-2752-438A-8403-89BBD33D848D}
2013-12-28 10:02 - 2012-02-25 13:50 - 00000000 ___RD C:\Users\REBEKKA\Dropbox
2013-12-28 10:02 - 2012-02-25 13:48 - 00000000 ____D C:\Users\REBEKKA\AppData\Roaming\Dropbox
2013-12-27 18:26 - 2013-11-18 14:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-27 18:26 - 2012-05-13 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Erika JETTEL\AppData\Local\Temp\ffunzip.exe
C:\Users\Erika JETTEL\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Erika JETTEL\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Erika JETTEL\AppData\Local\Temp\ose00000.exe
C:\Users\Erika JETTEL\AppData\Local\Temp\pdfiutil.exe
C:\Users\Erika JETTEL\AppData\Local\Temp\uninstall.exe
C:\Users\MICHAEL\AppData\Local\Temp\avguidx.dll
C:\Users\MICHAEL\AppData\Local\Temp\CommonInstaller.exe
C:\Users\MICHAEL\AppData\Local\Temp\iGearedHelper.dll
C:\Users\MICHAEL\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\MICHAEL\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\MICHAEL\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\MICHAEL\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\MICHAEL\AppData\Local\Temp\Uninstall.exe
C:\Users\MICHAEL\AppData\Local\Temp\v4s270uf.dll
C:\Users\REBEKKA\AppData\Local\Temp\~convert8993512753486298900.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-09 17:45

==================== End Of Log ============================

Code:
GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit scan 2014-01-25 20:45:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JPFO 298,09GB
Running: gmer.exe; Driver: C:\Users\MICHAEL\AppData\Local\Temp\kwdoqaog.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe[1336] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe[2620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe[4368] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe[4696] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Content Filter\safeeyes.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076981465 2 bytes [98, 76]
.text C:\Program Files (x86)\Internet Content Filter\safeeyes.exe[4864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769814bb 2 bytes [98, 76]
.text ... * 2
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f211afc 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002f211b53 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002f211b96 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002f211bdc 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002f211d38 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002f211dff 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002f211e14 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002f211e20 2 bytes [21, 2F]
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076878769 5 bytes JMP 000000015f8053fc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000764d6143 5 bytes JMP 00000001602cf68e
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074f93e59 5 bytes JMP 000000015f8310b7
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074f93eae 5 bytes JMP 000000015f83b0be
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074f94731 5 bytes JMP 000000015f86b5dc
.text C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE[3372] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074f95dee 5 bytes JMP 000000015f86c50f

---- Processes - GMER 2.1 ----

Library \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [2380] (Individualized Black Box DLL/Microsoft Corporation SIGNED)(2014-01-05 16:06:29) 000000000ac00000
Process C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe (*** suspicious ***) @ C:\Users\MICHAEL\AppData\Roaming\Yontoo\YontooDesktop.exe [4368] 0000000000bb0000

---- EOF - GMER 2.1 ----