| |
| |||||||
Log-Analyse und Auswertung: Kann Antivir nach Trojanerangriff nicht mehr öffnen.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
02.05.2014, 15:24
| #1 |
| |  Kann Antivir nach Trojanerangriff nicht mehr öffnen. Hallo Leute, erst einmal hoffe ich dass ich mit meinem Problem hier richtig bin. Meine Frau hat letztens nichtsahnend eine mir verdächtige Mail geöffnet, ich denke mal dass der Angriff dadurch kam. Ich habe den Trojaner bemerkt als ich eine Überweisung von meinem Bankkonto tätigen wollte. Erst wurde mein PC von der Sparkassenseite direkt überprüft und danach kam eine vorbereitete Überweisung wo ich nur noch die TAN angeben sollte. Ohne dies zu machen habe ich mich gleich abgemeldet. Als nächstes holte ich mir zwei verschiedene Scanner, u.a. Trojanhunter. Habe viele gefunden, gelöscht und seit dem sieht alles gut aus. Aber ich werde das Gefühl nicht los dass noch was drauf ist. Mein Antivir Virenscanner lässt sich nicht öffnen: "Dieses Programm wurde durch eine Gruppenrichtlinie geblockt usw." Ich habe mal die Logs alle vorbereitet und hoffe dass mir jemand sagen kann was ich noch zu tun habe oder mir Entwarnung gibt. Habe wichtige Sachen auf dem PC, leider ist die Festplatte draufggegangen wo ich meine Windowssicherung drauf habe, daher wäre es verdammt blöd wenn auch noch dieser PC meine Daten infiziert. Ich weiss nicht ob es richtig war aber viele der Dateien die infiziert waren habe ich entweder gelöscht oder in Quarantäne verschoben.  Trojanhunter hab ich leider schon deinstalliert. Avira hab ich auch, nachdem ich die o.g. Meldung erhalten habe auch deinstalliert und wieder installiert. Aber das Problem ist weiterhin da. Die restlichen Logdatein sind unten. Danke vorab für alle Meldungen und Antworten. Grüßen, Goe-ki.  Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:23 on 02/05/2014 (goekky)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014 Ran by goekky (administrator) on GOEKKY-PC on 02-05-2014 14:25:33 Running from C:\Users\goekky\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe () C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-09-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-09-28] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [177448 2010-09-17] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-09] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated) HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] () HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe" HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1758160 2014-02-13] (APN) HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [uwzyo.exe] => C:\Users\goekky\AppData\Roaming\Uqwu\uwzyo.exe HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\MountPoints2: {6e0c23c9-521f-11e3-9254-806e6f6e6963} - E:\setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=7ad5822f0000000000000026c783e704 SearchScopes: HKCU - DefaultScope {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647 BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227 FF user.js: detected! => C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\user.js FF Homepage: hxxp://www.t-online.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml ========================== Services (Whitelisted) ================= R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-04-30] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-13] (APN LLC.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [704512 2010-06-08] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-04-30] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-04-30] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-04-30] (Avira Operations GmbH & Co. KG) R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-09-20] (Broadcom Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-11-21] (Disc Soft Ltd) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation) R2 rimspci; C:\Windows\System32\DRIVERS\rimssne86.sys [73216 2013-11-21] (REDC) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-02 14:25 - 2014-05-02 14:25 - 00011527 _____ () C:\Users\goekky\Downloads\FRST.txt 2014-05-02 14:25 - 2014-05-02 14:25 - 00000000 ____D () C:\FRST 2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Downloads\FRST.exe 2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Downloads\defogger_disable.log 2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable 2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe 2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml 2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml 2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp 2014-04-30 17:03 - 2014-05-02 14:06 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-30 17:03 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-30 17:03 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-30 17:03 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-30 17:01 - 2014-04-30 17:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork 2014-04-30 16:37 - 2014-04-30 17:35 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-30 16:37 - 2014-04-30 17:35 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-30 16:37 - 2014-04-30 17:35 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira 2014-04-30 16:37 - 2013-10-31 19:25 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-04-30 16:37 - 2013-10-31 19:25 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys 2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-30 16:12 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\Unlocker 2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter 2014-04-30 14:22 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5 2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe 2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll 2014-04-30 12:26 - 2014-04-30 19:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2014-04-29 17:39 - 2014-05-02 12:55 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc 2014-04-29 17:38 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC 2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk 2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-29 17:34 - 2014-04-29 17:38 - 00000000 ____D () C:\Program Files\HTC 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-04-29 17:31 - 2014-04-29 17:33 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe 2014-04-29 12:22 - 2014-05-01 12:10 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Uqwu 2014-04-29 12:22 - 2014-05-01 12:05 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Waic 2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp 2014-04-11 10:07 - 2014-04-11 10:25 - 00000000 ____D () C:\sn0wbreeze 2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe 2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe 2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2014-04-10 15:36 - 2014-04-10 15:53 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w ==================== One Month Modified Files and Folders ======= 2014-05-02 14:25 - 2014-05-02 14:25 - 00011527 _____ () C:\Users\goekky\Downloads\FRST.txt 2014-05-02 14:25 - 2014-05-02 14:25 - 00000000 ____D () C:\FRST 2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Downloads\FRST.exe 2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Downloads\defogger_disable.log 2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable 2014-05-02 14:23 - 2013-11-20 22:16 - 00000000 ____D () C:\Users\goekky 2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe 2014-05-02 14:18 - 2013-12-11 21:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Skype 2014-05-02 14:06 - 2014-04-30 17:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-02 14:06 - 2014-01-21 18:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-02 14:06 - 2013-11-20 22:11 - 00901612 _____ () C:\Windows\WindowsUpdate.log 2014-05-02 13:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles 2014-05-02 13:03 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Brotbestellung 2014-05-02 13:03 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-02 13:03 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-02 12:59 - 2010-11-20 23:01 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-02 12:55 - 2014-04-29 17:39 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc 2014-05-02 12:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-02 12:54 - 2009-07-14 06:39 - 00001197 _____ () C:\Windows\setupact.log 2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml 2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml 2014-05-02 08:25 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-01 20:34 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Buchhaltung 2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp 2014-05-01 12:52 - 2013-11-30 17:28 - 291483818 _____ () C:\Windows\MEMORY.DMP 2014-05-01 12:52 - 2013-11-30 17:28 - 00000000 ____D () C:\Windows\Minidump 2014-05-01 12:52 - 2013-11-26 13:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-05-01 12:52 - 2010-11-20 23:48 - 00221952 _____ () C:\Windows\PFRO.log 2014-05-01 12:10 - 2014-04-29 12:22 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Uqwu 2014-05-01 12:05 - 2014-04-29 12:22 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Waic 2014-04-30 19:35 - 2014-04-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-04-30 17:35 - 2014-04-30 16:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-04-30 17:35 - 2014-04-30 16:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-04-30 17:35 - 2014-04-30 16:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-04-30 17:03 - 2014-04-30 17:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-30 16:58 - 2014-04-30 16:12 - 00000000 ____D () C:\Program Files\Unlocker 2014-04-30 16:58 - 2014-04-30 14:22 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5 2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork 2014-04-30 16:39 - 2014-04-30 16:39 - 00000000 ____D () C:\Program Files\AskPartnerNetwork 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira 2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira 2014-04-30 16:31 - 2013-12-05 17:51 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt 2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter 2014-04-30 15:40 - 2014-01-28 15:42 - 00000000 ____D () C:\Program Files\WinRAR 2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe 2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll 2014-04-29 18:05 - 2013-11-21 11:57 - 00000000 ____D () C:\Users\goekky\Documents\Bluetooth-Exchange-Ordner 2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 2014-04-29 17:41 - 2014-04-29 17:38 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC 2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk 2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync 2014-04-29 17:38 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\HTC 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications 2014-04-29 17:35 - 2013-11-21 13:09 - 00025136 _____ () C:\Windows\DPINST.LOG 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0 2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR 2014-04-29 17:34 - 2013-11-22 23:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Adobe 2014-04-29 17:34 - 2013-11-22 23:32 - 00000000 ____D () C:\Program Files\Adobe 2014-04-29 17:34 - 2013-11-22 23:31 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-29 17:34 - 2013-11-22 23:30 - 00000000 ____D () C:\Users\goekky\AppData\Local\Adobe 2014-04-29 17:33 - 2014-04-29 17:31 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe 2014-04-28 19:34 - 2013-11-23 00:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-04-28 19:34 - 2013-11-23 00:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp 2014-04-22 17:01 - 2013-11-20 23:42 - 00010718 _____ () C:\Users\goekky\Desktop\Geschäftsverlauf.xlsx 2014-04-16 17:03 - 2013-11-20 23:42 - 00011039 _____ () C:\Users\goekky\Desktop\ausgabenliste.xlsx 2014-04-15 12:57 - 2013-11-20 23:39 - 00000000 ____D () C:\Users\goekky\Desktop\Milch & Honig 2014-04-11 10:25 - 2014-04-11 10:07 - 00000000 ____D () C:\sn0wbreeze 2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe 2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe 2014-04-10 17:33 - 2013-12-10 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer 2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer 2014-04-10 15:53 - 2014-04-10 15:36 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w 2014-04-03 09:51 - 2014-04-30 17:03 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-30 17:03 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-30 17:03 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys Some content of TEMP: ==================== C:\Users\Gast\AppData\Local\Temp\avgnt.exe C:\Users\goekky\AppData\Local\Temp\avgnt.exe C:\Users\goekky\AppData\Local\Temp\BackupSetup.exe C:\Users\goekky\AppData\Local\Temp\Difx64.exe C:\Users\goekky\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\goekky\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\goekky\AppData\Local\Temp\iO5cqcC.Difx64.exe C:\Users\goekky\AppData\Local\Temp\jvrtPUW.difxapi.dll C:\Users\goekky\AppData\Local\Temp\ose00000.exe C:\Users\goekky\AppData\Local\Temp\RxXiWYr.difxapi.dll C:\Users\goekky\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 12:38 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-02 15:02:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320325AS rev.0006SDM2 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\goekky\AppData\Local\Temp\uxdiapoc.sys
---- System - GMER 2.1 ----
SSDT 8EE53B2E ZwCreateSection
SSDT 8EE53B38 ZwRequestWaitReplyPort
SSDT 8EE53B33 ZwSetContextThread
SSDT 8EE53B3D ZwSetSecurityObject
SSDT 8EE53B42 ZwSystemDebugControl
SSDT 8EE53ACF ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C75339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CB5EEC 2 Bytes [2E, 3B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FA 82CB5EEF 1 Byte [8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CB6248 4 Bytes [38, 3B, E5, 8E] {CMP [EBX], BH; IN EAX, 0x8e}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CB628C 4 Bytes [33, 3B, E5, 8E] {XOR EDI, [EBX]; IN EAX, 0x8e}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CB6308 4 Bytes [3D, 3B, E5, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9443C000, 0x2C22CE, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!free 76D59894 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!malloc 76D59CEE 5 Bytes JMP 0A90D230 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!??3@YAXPAX@Z 76D5B0B9 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!??2@YAPAXI@Z 76D5B0C9 5 Bytes JMP 0A90D480 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!realloc 76D5B10D 5 Bytes JMP 0A90D2B0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!calloc 76D5C456 5 Bytes JMP 0A90D270 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_msize 76D5F43B 5 Bytes JMP 0A90D2E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_free 76D75942 5 Bytes JMP 0A90D2D0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_malloc 76D8028D 5 Bytes JMP 0A90D3C0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_offset_malloc 76D802A9 5 Bytes JMP 0A90D3E0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 76DABFC9 5 Bytes JMP 0A90D500 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_offset_realloc 76DABFD9 5 Bytes JMP 0A90D420 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_aligned_realloc 76DAC163 5 Bytes JMP 0A90D400 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_expand 76DAC182 5 Bytes JMP 0A90D3A0 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapadd 76DADCFB 5 Bytes JMP 0A90D550 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapchk 76DADD0F 5 Bytes JMP 0A90D560 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapset + 1 76DADE0E 4 Bytes JMP 0A90D581 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapmin 76DADE17 5 Bytes JMP 0A90D650 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapused 76DADEFD 5 Bytes JMP 0A90D620 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe[1752] msvcrt.dll!_heapwalk 76DADF10 5 Bytes JMP 0A90D590 c:\Program Files\Adobe\Adobe Version Cue CS2\bin\SHSMP.DLL
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] ntdll.dll!LdrGetProcedureAddress + 26 76E622B3 7 Bytes JMP 63951FD9 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75848996 7 Bytes JMP 5B7C40E1 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!GetEnvironmentStringsA + 11 75852FB1 7 Bytes JMP 5B7C4104 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] kernel32.dll!BaseThreadInitThunk + C9 75853CFC 7 Bytes JMP 5AE93255 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] GDI32.dll!GetViewportOrgEx + 26C 757B884B 7 Bytes JMP 5B7C4062 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] ntdll.dll!LdrGetProcedureAddress + 26 76E622B3 7 Bytes JMP 5FC05720 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75848996 7 Bytes JMP 608A3624 C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!GetEnvironmentStringsA + 11 75852FB1 7 Bytes JMP 608A35DC C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] kernel32.dll!BaseThreadInitThunk + C9 75853CFC 7 Bytes JMP 5FC1650E C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[4640] GDI32.dll!GetViewportOrgEx + 26C 757B884B 7 Bytes JMP 608A364B C:\Program Files\Mozilla Thunderbird\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!GetWindowInfo 754C4B5E 5 Bytes JMP 5B0C2366 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4836] USER32.dll!ToUnicodeEx + 71 754D2223 7 Bytes JMP 5B0BBD82 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateFile + 6 76E455CE 4 Bytes [28, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateFile + B 76E455D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateKey + 6 76E4560E 4 Bytes [68, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateKey + B 76E45613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateMutant + 6 76E4564E 4 Bytes [68, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateMutant + B 76E45653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateSection + 6 76E456EE 4 Bytes [A8, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtCreateSection + B 76E456F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtMapViewOfSection + 6 76E45C2E 4 Bytes CALL 75E47337 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtMapViewOfSection + B 76E45C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenFile + 6 76E45CDE 4 Bytes [68, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenFile + B 76E45CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKey + 6 76E45D0E 4 Bytes [A8, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKey + B 76E45D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKeyEx + 6 76E45D1E 4 Bytes CALL 75E47424 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenKeyEx + B 76E45D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenMutant + 6 76E45D5E 4 Bytes [28, 02, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenMutant + B 76E45D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + 6 76E45D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + 6 76E45D8E 4 Bytes [68, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcess + B 76E45D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + 6 76E45D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + 6 76E45D9E 4 Bytes [A8, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessToken + B 76E45DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessTokenEx + 6 76E45DAE 4 Bytes [68, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenProcessTokenEx + B 76E45DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenSection + 6 76E45DCE 4 Bytes CALL 75E474D5 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenSection + B 76E45DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + 6 76E45E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + 6 76E45E0E 4 Bytes [28, 03, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThread + B 76E45E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadToken + 6 76E45E1E 4 Bytes [28, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadToken + B 76E45E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadTokenEx + 6 76E45E2E 4 Bytes [A8, 04, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtOpenThreadTokenEx + B 76E45E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryAttributesFile + 6 76E45F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryAttributesFile + B 76E45F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryFullAttributesFile + 6 76E45FEE 4 Bytes CALL 75E476F3 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtQueryFullAttributesFile + B 76E45FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationFile + 6 76E4663E 4 Bytes [28, 01, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationFile + B 76E46643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + 6 76E4669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + 6 76E4669E 4 Bytes CALL 75E47DA6 C:\Windows\system32\SHELL32.dll
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtSetInformationThread + B 76E466A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtUnmapViewOfSection + 6 76E469BE 4 Bytes [28, 05, 17, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ntdll.dll!NtUnmapViewOfSection + B 76E469C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] kernel32.dll!CreateProcessW 7580204D 5 Bytes JMP 00180030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] kernel32.dll!CreateProcessA 75802082 5 Bytes JMP 00180070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!DeleteObject 757B5F14 5 Bytes JMP 002301B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectObject 757B6640 5 Bytes JMP 002305F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetTextColor 757B6906 5 Bytes JMP 00230A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetBkMode 757B69B1 5 Bytes JMP 002308F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!DeleteDC 757B6EAA 5 Bytes JMP 00230170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetDeviceCaps 757B6F7F 5 Bytes JMP 002303B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtSelectClipRgn 757B7114 5 Bytes JMP 002302F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectClipRgn 757B7242 5 Bytes JMP 002305B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetStretchBltMode 757B7705 5 Bytes JMP 002306B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetCurrentObject 757B7917 5 Bytes JMP 00230370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextMetricsW 757B7B8F 5 Bytes JMP 00230E30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextAlign 757B7DAF 5 Bytes JMP 00230D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!IntersectClipRect 757B7DFE 5 Bytes JMP 002303F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtTextOutW 757B8192 5 Bytes JMP 00230970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetTextAlign 757B828E 5 Bytes JMP 002309F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetClipBox 757B8525 5 Bytes JMP 00230330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!MoveToEx 757B8C21 5 Bytes JMP 00230470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StretchDIBits 757BA53E 5 Bytes JMP 00230770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!RestoreDC 757BA67B 5 Bytes JMP 00230530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SaveDC 757BA74B 5 Bytes JMP 00230570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextExtentPoint32W 757BB4B5 5 Bytes JMP 00230670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceW 757BB73A 2 Bytes JMP 00230D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceW + 3 757BB73D 2 Bytes [A7, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetFontData 757BBCC4 5 Bytes JMP 00230C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetWorldTransform 757BC90A 5 Bytes JMP 002306F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateDCA 757BCCA9 5 Bytes JMP 002300B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateDCW 757BCF79 5 Bytes JMP 002300F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateICW 757BCFD0 5 Bytes JMP 00230130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextMetricsA 757BD0F2 5 Bytes JMP 00230DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!Rectangle 757BF1FF 5 Bytes JMP 002309B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!LineTo 757BF59B 5 Bytes JMP 00230430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetICMMode 757BFAA4 5 Bytes JMP 00230DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtTextOutA 757C03F9 5 Bytes JMP 00230930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextExtentPoint32A 757C07B0 5 Bytes JMP 00230630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ExtEscape 757C2949 5 Bytes JMP 002302B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!Escape 757C3939 5 Bytes JMP 00230270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetTextFaceA 757C3E6A 5 Bytes JMP 00230CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetPolyFillMode 757CD851 5 Bytes JMP 00230B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SetMiterLimit 757CDA0D 5 Bytes JMP 00230B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndPage 757D00D7 5 Bytes JMP 00230230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!ResetDCW 757D050D 5 Bytes JMP 00230AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!GetGlyphOutlineW 757DC1BA 5 Bytes JMP 00230CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CreateScalableFontResourceW 757DE817 5 Bytes JMP 00230BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!AddFontResourceW 757DEC13 5 Bytes JMP 00230BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!RemoveFontResourceW 757DF109 5 Bytes JMP 00230C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!AbortDoc 757E4C63 5 Bytes JMP 00230030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndDoc 757E50AA 5 Bytes JMP 002301F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StartPage 757E5195 5 Bytes JMP 00230730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StartDocW 757E5BB0 5 Bytes JMP 002307F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!BeginPath 757E635D 5 Bytes JMP 00230830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!SelectClipPath 757E63B4 5 Bytes JMP 00230AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!CloseFigure 757E640F 5 Bytes JMP 00230070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!EndPath 757E6466 5 Bytes JMP 00230A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!StrokePath 757E6699 5 Bytes JMP 002307B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!FillPath 757E6726 5 Bytes JMP 00230870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolylineTo 757E6B94 5 Bytes JMP 002304F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolyBezierTo 757E6C25 5 Bytes JMP 002304B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] GDI32.dll!PolyDraw 757E6CD7 5 Bytes JMP 002308B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ActivateKeyboardLayout 754B8203 5 Bytes JMP 002404F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ScreenToClient 754BA506 7 Bytes JMP 00240670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!RegisterClipboardFormatA 754BC091 5 Bytes JMP 002402F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!RegisterClipboardFormatW 754BDF8D 5 Bytes JMP 002402B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetCursor 754C3075 5 Bytes JMP 00240530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!MonitorFromWindow 754C3622 7 Bytes JMP 00240630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!PostMessageW 754C447B 5 Bytes JMP 002405F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!IsWindowVisible 754C4D69 7 Bytes JMP 002406B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClientRect 754C54DD 7 Bytes JMP 002405B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!MapWindowPoints 754C5CAA 5 Bytes JMP 00240570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetParent 754C6029 7 Bytes JMP 002406F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!EmptyClipboard 754D290C 5 Bytes JMP 00240130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetClipboardData 754D2962 5 Bytes JMP 00240170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardData 754D2BA7 5 Bytes JMP 00240030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardFormatNameW 754D5FD2 5 Bytes JMP 00240230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetClipboardViewer 754D6FF6 5 Bytes JMP 002404B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardFormatNameA 754D700A 5 Bytes JMP 00240270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!ChangeClipboardChain 754E147C 5 Bytes JMP 00240430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetTopWindow 754E24D9 7 Bytes JMP 00240730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!CloseClipboard 754E446C 5 Bytes JMP 002400B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!OpenClipboard 754E447E 5 Bytes JMP 00240070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!IsClipboardFormatAvailable 754E44FF 5 Bytes JMP 002400F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardSequenceNumber 754E4513 5 Bytes JMP 00240330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardOwner 754E4525 5 Bytes JMP 00240370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!CountClipboardFormats 754E470A 5 Bytes JMP 002401F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!EnumClipboardFormats 754E47EC 5 Bytes JMP 002401B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetOpenClipboardWindow 754E480B 5 Bytes JMP 002403F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!SetCursorPos 754FC1B0 5 Bytes JMP 00240770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetClipboardViewer 75514AF7 5 Bytes JMP 00240470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] USER32.dll!GetPriorityClipboardFormat 75514BF9 5 Bytes JMP 002403B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleSetClipboard 76AA0045 5 Bytes JMP 00250030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleIsCurrentClipboard 76AA36B2 5 Bytes JMP 00250070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe[5612] ole32.dll!OleGetClipboard 76ACFDCD 5 Bytes JMP 002500B0
---- Devices - GMER 2.1 ----
Device \Driver\BTHUSB \Device\00000073 bthport.sys
Device \Driver\BTHUSB \Device\00000075 bthport.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d919db
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d919db@1cb094fe5795 0xF5 0x65 0x7C 0xBF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d919db (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d919db@1cb094fe5795 0xF5 0x65 0x7C 0xBF ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by goekky at 2014-05-02 14:25:55
Running from C:\Users\goekky\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{2C659C60-BDF5-33B7-E136-9D1F4D7699AB}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4691 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0209.16.306 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Czech (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Danish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Dutch (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help English (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Finnish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help French (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help German (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Greek (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Italian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Japanese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Korean (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Polish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Russian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Spanish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Swedish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Thai (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Turkish (Version: 2010.0209.0015.306 - ATI) Hidden
ccc-core-static (Version: 2010.0209.16.306 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0209.16.306 - ATI) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
VAIO Smart Network (HKLM\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
Wartung Samsung CLX-3180 Series (HKLM\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
14-03-2014 15:01:03 Geplanter Prüfpunkt
25-03-2014 14:05:23 Geplanter Prüfpunkt
02-04-2014 13:37:48 Geplanter Prüfpunkt
10-04-2014 07:46:58 Geplanter Prüfpunkt
19-04-2014 10:37:55 Geplanter Prüfpunkt
26-04-2014 12:42:11 Windows-Sicherung
26-04-2014 19:19:44 Windows-Sicherung
26-04-2014 20:27:36 Windows-Sicherung
26-04-2014 21:11:58 Windows-Sicherung
29-04-2014 15:38:25 Installed HTC Sync.
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2FA50F1F-E0E1-451F-B7B8-AED189D61953} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {A759D865-176A-4876-AC50-703A422AF444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DB376296-55DF-44FE-B189-7135FD5DD51E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-11-22 12:40 - 2011-06-22 18:13 - 00024064 _____ () C:\Windows\System32\sst2cl3.dll
2013-11-22 12:40 - 2011-06-22 18:12 - 00540672 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sst2cdu.dll
2014-04-30 16:37 - 2013-10-31 19:25 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 17:35 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-21 13:20 - 2013-11-21 13:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 12:26 - 2014-04-30 12:26 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-19 21:23 - 2014-03-19 21:23 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-28 19:34 - 2014-04-28 19:34 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/02/2014 00:56:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.
Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.
Error: (05/02/2014 11:47:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/02/2014 11:45:58 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.
Error: (05/02/2014 11:45:58 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.
Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2543
Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2543
Error: (05/02/2014 10:10:12 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/02/2014 02:50:49 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4212
System errors:
=============
Error: (05/02/2014 02:06:44 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (05/02/2014 11:44:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (05/02/2014 02:50:35 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (05/01/2014 08:33:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (05/01/2014 00:52:52 PM) (Source: BugCheck) (User: )
Description: 0x00000019 (0x00000020, 0x88f0f2b0, 0x88f0f2c8, 0x08030017)C:\Windows\MEMORY.DMP050114-20685-01
Error: (05/01/2014 00:52:47 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 01.05.2014 um 12:51:45 unerwartet heruntergefahren.
Error: (05/01/2014 01:35:43 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (04/30/2014 07:32:36 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst VSNService erreicht.
Error: (04/30/2014 06:01:30 PM) (Source: DCOM) (User: )
Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Error: (04/30/2014 05:33:03 PM) (Source: DCOM) (User: )
Description: {51FA2736-5DEE-11D4-98E8-006008BF430C}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3566.11 MB
Available physical RAM: 2217.33 MB
Total Pagefile: 7130.5 MB
Available Pagefile: 5195.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.25 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200.34 GB) (Free:99.77 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:96.03 GB) NTFS
Drive e: (GSP1RMCPRFREO_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9788BCBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 30.04.2014 Scan Time: 17:28:27 Logfile: mbam.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.04.30.07 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: goekky Scan Type: Threat Scan Result: Completed Objects Scanned: 260549 Time Elapsed: 23 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Softonic.A, HKU\S-1-5-21-1423429963-998173470-4169035595-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\softonicToolbar, Delete-on-Reboot, [3f400f2181fa50e6b086611a8979619f], Registry Values: 2 Trojan.Ransom.Gend, HKU\S-1-5-21-1423429963-998173470-4169035595-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bhcwzj, regsvr32.exe "C:\ProgramData\bhcwzj.dat", Delete-on-Reboot, [017e5dd332490e288a5abb4ce71a8f71] Trojan.Ransom.Gend, HKU\S-1-5-21-1423429963-998173470-4169035595-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bhcwzj, regsvr32.exe "C:\ProgramData\bhcwzj.dat", Quarantined, [017e5dd332490e288a5abb4ce71a8f71] Registry Data: 0 (No malicious items detected) Folders: 7 PUP.Optional.OpenCandy, C:\Users\goekky\AppData\Roaming\OpenCandy, Quarantined, [94eb43ed84f7c175a4672244d62c5ca4], PUP.Optional.OpenCandy, C:\Users\goekky\AppData\Roaming\OpenCandy\E7D5A0CF28DC40179FE1B8950C497D91, Quarantined, [94eb43ed84f7c175a4672244d62c5ca4], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], Files: 22 Trojan.Ransom.Gend, C:\ProgramData\bhcwzj.dat, Quarantined, [017e5dd332490e288a5abb4ce71a8f71], PUP.Optional.OpenCandy.A, C:\Users\goekky\AppData\Roaming\OpenCandy\E7D5A0CF28DC40179FE1B8950C497D91\Setupsft_chr_p1v7.exe, Quarantined, [ea95aa86077425118717a483e1235ea2], Trojan.Agent.EF, C:\Users\goekky\AppData\Local\Temp\Rar$EXa0.498\vertrag_16.08.2013-signed_8D18939261524451E.exe, Quarantined, [2c533000106b0630540be942aa5a32ce], Backdoor.Bot, C:\Users\goekky\AppData\Local\Temp\Rar$EXa0.702\fax_FC63589826333C70656B.exe, Quarantined, [7e0177b998e31a1ce60c0f4037ca926e], PUP.Optional.OpenCandy, C:\Users\goekky\Downloads\DTLite4481-0347.exe, Quarantined, [9ae52010a3d865d158ea3029df25a45c], PUP.Optional.Babylon.A, C:\Users\goekky\Downloads\Unlocker1.9.2.exe, Quarantined, [6f10ee420d6ea88e07b424de05fcec14], PUP.Optional.Spigot.A, C:\Users\goekky\Downloads\YTD471Setup.exe, Quarantined, [f788230d42395bdbeb928e98ce329868], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, Quarantined, [6e113df3c6b5b0868b56a5c8a062916f], PUP.Optional.Softonic.A, C:\Users\goekky\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, Quarantined, [57283cf40d6e5bdb9a49b3ba8e7415eb], Physical Sectors: 0 (No malicious items detected) (end) |
|
02.05.2014, 15:31
| #2 |
| /// TB-Ausbilder   | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Alle Tools auf dem Deskto abspeichern und von dort starten! Scan mit Combofix
|
|
02.05.2014, 16:39
| #3 |
| | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Ok. Hab Combofix ausgeführt aber Antivir Desktop kann ich nicht ausschalten da ich das Programm nicht einmal ausführen kann. Es kommt immer die gleiche Meldung.
__________________Hier die Combofix ergebnisse: Code:
ATTFilter ComboFix 14-04-30.01 - goekky 02.05.2014 17:18:00.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3566.2354 [GMT 2:00]
ausgeführt von:: c:\users\goekky\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-02 bis 2014-05-02 ))))))))))))))))))))))))))))))
.
.
2014-05-02 15:25 . 2014-05-02 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-02 15:25 . 2014-05-02 15:25 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-05-02 12:25 . 2014-05-02 12:26 -------- d-----w- C:\FRST
2014-04-30 15:03 . 2014-05-02 13:56 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-30 15:03 . 2014-04-30 15:03 -------- d-----w- c:\program files\ Malwarebytes Anti-Malware
2014-04-30 15:03 . 2014-04-30 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-04-30 15:03 . 2014-04-03 07:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-30 15:03 . 2014-04-03 07:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-30 15:03 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-30 14:39 . 2014-04-30 14:39 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-04-30 14:39 . 2014-04-30 14:39 -------- d-----w- c:\program files\AskPartnerNetwork
2014-04-30 14:37 . 2014-04-30 15:35 69240 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-04-30 14:37 . 2014-04-30 15:35 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-30 14:37 . 2014-04-30 15:35 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-30 14:37 . 2013-10-31 17:25 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-30 14:37 . 2014-04-30 14:37 -------- d-----w- c:\programdata\Avira
2014-04-30 14:37 . 2014-04-30 14:37 -------- d-----w- c:\program files\Avira
2014-04-30 14:12 . 2014-04-30 14:58 -------- d-----w- c:\program files\Unlocker
2014-04-30 13:42 . 2014-04-30 13:42 -------- d-----w- c:\users\goekky\AppData\Roaming\TrojanHunter
2014-04-30 12:22 . 2014-04-30 14:58 -------- d-----w- c:\program files\TrojanHunter 5.5
2014-04-30 10:26 . 2014-04-30 17:35 -------- d-----w- c:\program files\Mozilla Thunderbird
2014-04-29 15:39 . 2014-05-02 10:55 -------- d-----w- c:\users\goekky\AppData\Local\Htc
2014-04-29 15:38 . 2014-04-29 15:41 -------- d-----w- c:\users\goekky\AppData\Roaming\HTC
2014-04-29 15:35 . 2014-04-29 15:35 -------- d-----w- c:\users\goekky\AppData\Local\Downloaded Installations
2014-04-29 15:35 . 2014-04-29 15:35 -------- d-----w- c:\program files\Spirent Communications
2014-04-29 15:34 . 2014-04-29 15:38 -------- d-----w- c:\program files\HTC
2014-04-29 15:34 . 2014-04-29 15:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-04-29 15:34 . 2014-04-29 15:34 -------- d-----w- c:\program files\MSXML 4.0
2014-04-29 10:22 . 2014-05-01 10:10 -------- d-----w- c:\users\goekky\AppData\Roaming\Uqwu
2014-04-29 10:22 . 2014-05-01 10:05 -------- d-----w- c:\users\goekky\AppData\Roaming\Waic
2014-04-11 08:07 . 2014-04-11 08:25 -------- d-----w- C:\sn0wbreeze
2014-04-10 15:34 . 2014-04-10 15:34 -------- d-----w- c:\users\Gast\AppData\Local\Adobe
2014-04-10 15:32 . 2014-04-10 15:32 -------- d-----w- c:\users\Gast\AppData\Local\Apple Computer
2014-04-10 13:36 . 2014-04-10 13:53 -------- d-----w- c:\users\goekky\AppData\Roaming\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 17:34 . 2013-11-22 22:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 17:34 . 2013-11-22 22:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2014-02-13 05:22 12240 ----a-w- c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2014-02-13 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-28 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-09-28 1423904]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2010-09-17 177448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-09 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-10-28 185896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2013-09-03 659456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-04-30 689744]
"ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-02-13 1758160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-12-07 23040]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-09-20 322848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-10-31 37352]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-11-21 243128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-14 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-04-30 440400]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-04-30 1017424]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-02-13 166352]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-04-30 69240]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-04-03 857912]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne86.sys [2013-11-21 73216]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-12 5120]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 704512]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-09-20 294952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-09-20 33320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-05-02 107736]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwsn00.sys [2013-07-25 10382576]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S4 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-04-03 1809720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - UXDIAPOC
*Deregistered* - MBAMWebAccessControl
*Deregistered* - uxdiapoc
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22 17:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=7ad5822f0000000000000026c783e704
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: security.warn_entering_secure - false
FF - user.js: security.warn_entering_weak - false
FF - user.js: security.warn_leaving_secure - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKCU-Run-uwzyo.exe - c:\users\goekky\AppData\Roaming\Uqwu\uwzyo.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(6456)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2014-05-02 17:32:29
ComboFix-quarantined-files.txt 2014-05-02 15:32
.
Vor Suchlauf: 16 Verzeichnis(se), 108.148.228.096 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 152.544.468.992 Bytes frei
.
- - End Of File - - AFCCAFDC650AF37025E23AE666BC39C7
A36C5E4F47E84449FF07ED3517B43A31
|
|
02.05.2014, 16:44
| #4 |
| /// TB-Ausbilder | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [uwzyo.exe] => C:\Users\goekky\AppData\Roaming\Uqwu\uwzyo.exe
C:\Users\goekky\AppData\Roaming\Uqwu
C:\Users\goekky\AppData\Roaming\Waic
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=7ad5822f0000000000000026c783e704
SearchScopes: HKCU - DefaultScope {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Schritt 4 Kontrollscan mit FRST Führe wie zuvor beschrieben einen Scan mit FRST aus. Setze dazu einen Haken bei Addition.txt rechts unten und klicke auf Scan. Es werden zwei Logdateien erzeugt. Poste mir diese. Bitte poste mit deiner nächsten Antwort
|
|
03.05.2014, 10:46
| #5 |
| | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Danke. Läuft schon mal gut. Danke.  AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 03/05/2014 um 10:38:00
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : goekky - GOEKKY-PC
# Gestartet von : C:\Users\goekky\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\GreenTree Applications
Ordner Gelöscht : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\pe71j7l3.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\Software\Driver-Soft
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7601.17514
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\pe71j7l3.default\prefs.js ]
[ Datei : C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\prefs.js ]
*************************
AdwCleaner[R0].txt - [1649 octets] - [03/05/2014 10:36:37]
AdwCleaner[S0].txt - [1570 octets] - [03/05/2014 10:38:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1630 octets] ##########
[/CODE] Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by goekky on 03.05.2014 at 11:02:05,34.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\goekky\AppData\Local\Temp\Rar$DIa0.484\zoek.com [Scan all users] [Script inserted]
==== System Restore Info ======================
03.05.2014 11:03:31 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully
==== FireFox Fix ======================
Deleted from C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\pe71j7l3.default\prefs.js:
user_pref("browser.startup.homepage", "www.google.de");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
Added to C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\pe71j7l3.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.t-online.de/");
Added to C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\goekky\AppData\Roaming\Thunderbird\Profiles\myk9di8e.default\prefs.js:
Added to C:\Users\goekky\AppData\Roaming\Thunderbird\Profiles\myk9di8e.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\PROGRA~2\AskPartnerNetwork deleted
C:\PROGRA~2\APN deleted
"C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\Program Files\AskPartnerNetwork" deleted
"C:\Program Files\AskPartnerNetwork\Toolbar" deleted
"C:\Program Files\AskPartnerNetwork\Toolbar\Updater" deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
871C7A4B3466ED1B1D1D7588D14EC816 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
53B55AB0CF4872F9C420D78D92C1033B - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
3A6EBB668DB997B1874981F153403B46 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
0805C33F24F45B11EE2CFCCD8F9C6693 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
5F63DC3C36366FF4A90AEAA334509BE8 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Empty IE Cache ======================
C:\Users\Gast\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\goekky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\goekky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOZ088F6 will be deleted at reboot
C:\Users\goekky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Gast\AppData\Local\Mozilla\Firefox\Profiles\pe71j7l3.default\Cache emptied successfully
C:\Users\goekky\AppData\Local\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=50 folders=36 13718357 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\goekky\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\goekky\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\goekky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\goekky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOZ088F6" not found
==== EOF on 03.05.2014 at 11:20:29,83 ======================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by goekky (administrator) on GOEKKY-PC on 03-05-2014 11:23:40
Running from C:\Users\goekky\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
() C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Adobe Sytems Incorporated) C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [177448 2010-09-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe Version Cue CS2] => c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-06] (Adobe Sytems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [659456 2013-09-03] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-04-30] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] => "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\goekky\AppData\Roaming\Mozilla\Firefox\Profiles\uzthgxq3.default-1394789172227
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 Adobe Version Cue CS2; c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-06] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-04-30] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-04-30] (Avira Operations GmbH & Co. KG)
S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [704512 2010-06-08] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-04-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-04-30] (Avira Operations GmbH & Co. KG)
R3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [294952 2010-09-20] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-11-21] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R2 rimspci; C:\Windows\System32\DRIVERS\rimssne86.sys [73216 2013-11-21] (REDC)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-31] (Avira GmbH)
S3 catchme; \??\C:\Users\goekky\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-03 11:20 - 2014-05-03 11:20 - 00009897 _____ () C:\Users\goekky\Desktop\zoek-results.txt
2014-05-03 11:17 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-05-03 11:03 - 2014-05-03 11:20 - 00009897 _____ () C:\zoek-results.log
2014-05-03 11:02 - 2014-05-03 11:14 - 00000000 ____D () C:\zoek_backup
2014-05-03 10:44 - 2014-05-03 10:44 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Avira
2014-05-03 10:41 - 2014-05-03 10:42 - 01277920 _____ () C:\Users\goekky\Desktop\zoek.exe
2014-05-03 10:40 - 2014-05-03 10:40 - 00001710 _____ () C:\Users\goekky\Desktop\AdwCleaner[S0].txt
2014-05-03 10:36 - 2014-05-03 10:38 - 00000000 ____D () C:\AdwCleaner
2014-05-03 10:32 - 2014-05-03 10:32 - 01310621 _____ () C:\Users\goekky\Desktop\adwcleaner.exe
2014-05-02 17:32 - 2014-05-02 17:32 - 00011502 _____ () C:\ComboFix.txt
2014-05-02 17:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-02 17:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-02 17:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-02 17:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-02 17:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-02 17:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-02 17:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-02 17:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-02 17:15 - 2014-05-02 17:32 - 00000000 ____D () C:\Qoobox
2014-05-02 17:15 - 2014-05-02 17:29 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 17:14 - 2014-05-02 17:14 - 05197895 ____R (Swearware) C:\Users\goekky\Desktop\ComboFix.exe
2014-05-02 16:02 - 2014-05-02 16:02 - 00006578 _____ () C:\Users\goekky\Desktop\mbam.txt
2014-05-02 15:02 - 2014-05-02 15:02 - 00032991 _____ () C:\Users\goekky\Desktop\Gmer.txt
2014-05-02 14:33 - 2014-05-02 14:33 - 00380416 _____ () C:\Users\goekky\Downloads\Gmer-19357.exe
2014-05-02 14:25 - 2014-05-03 11:24 - 00009879 _____ () C:\Users\goekky\Desktop\FRST.txt
2014-05-02 14:25 - 2014-05-03 11:23 - 00000000 ____D () C:\FRST
2014-05-02 14:25 - 2014-05-02 14:26 - 00019881 _____ () C:\Users\goekky\Desktop\Addition.txt
2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Desktop\FRST.exe
2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Desktop\defogger_disable.log
2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable
2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe
2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml
2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml
2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp
2014-04-30 17:03 - 2014-05-02 15:56 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-04-30 17:03 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-30 17:03 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-30 17:03 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-30 17:01 - 2014-04-30 17:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 16:37 - 2014-04-30 17:35 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 16:37 - 2014-04-30 17:35 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 16:37 - 2014-04-30 17:35 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 16:37 - 2013-10-31 19:25 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 16:37 - 2013-10-31 19:25 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-30 16:12 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\Unlocker
2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter
2014-04-30 14:22 - 2014-04-30 16:58 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe
2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll
2014-04-30 12:26 - 2014-04-30 19:35 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2014-04-29 17:39 - 2014-05-03 11:20 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc
2014-04-29 17:38 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC
2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk
2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-04-29 17:34 - 2014-04-29 17:38 - 00000000 ____D () C:\Program Files\HTC
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 17:31 - 2014-04-29 17:33 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe
2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp
2014-04-11 10:07 - 2014-04-11 10:25 - 00000000 ____D () C:\sn0wbreeze
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-04-10 15:36 - 2014-04-10 15:53 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w
==================== One Month Modified Files and Folders =======
2014-05-03 11:24 - 2014-05-02 14:25 - 00009879 _____ () C:\Users\goekky\Desktop\FRST.txt
2014-05-03 11:23 - 2014-05-02 14:25 - 00000000 ____D () C:\FRST
2014-05-03 11:23 - 2013-11-20 22:11 - 00909907 _____ () C:\Windows\WindowsUpdate.log
2014-05-03 11:21 - 2013-12-11 21:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Skype
2014-05-03 11:20 - 2014-05-03 11:20 - 00009897 _____ () C:\Users\goekky\Desktop\zoek-results.txt
2014-05-03 11:20 - 2014-05-03 11:03 - 00009897 _____ () C:\zoek-results.log
2014-05-03 11:20 - 2014-04-29 17:39 - 00000000 ____D () C:\Users\goekky\AppData\Local\Htc
2014-05-03 11:20 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-03 11:20 - 2009-07-14 06:39 - 00001309 _____ () C:\Windows\setupact.log
2014-05-03 11:19 - 2010-11-20 23:48 - 00223034 _____ () C:\Windows\PFRO.log
2014-05-03 11:14 - 2014-05-03 11:02 - 00000000 ____D () C:\zoek_backup
2014-05-03 10:46 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-03 10:46 - 2009-07-14 06:34 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-03 10:44 - 2014-05-03 10:44 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Avira
2014-05-03 10:43 - 2010-11-20 23:01 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-03 10:42 - 2014-05-03 10:41 - 01277920 _____ () C:\Users\goekky\Desktop\zoek.exe
2014-05-03 10:40 - 2014-05-03 10:40 - 00001710 _____ () C:\Users\goekky\Desktop\AdwCleaner[S0].txt
2014-05-03 10:38 - 2014-05-03 10:36 - 00000000 ____D () C:\AdwCleaner
2014-05-03 10:32 - 2014-05-03 10:32 - 01310621 _____ () C:\Users\goekky\Desktop\adwcleaner.exe
2014-05-03 10:29 - 2014-01-21 18:48 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-02 17:32 - 2014-05-02 17:32 - 00011502 _____ () C:\ComboFix.txt
2014-05-02 17:32 - 2014-05-02 17:15 - 00000000 ____D () C:\Qoobox
2014-05-02 17:32 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-02 17:32 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-02 17:29 - 2014-05-02 17:15 - 00000000 ____D () C:\Windows\erdnt
2014-05-02 17:25 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-05-02 17:14 - 2014-05-02 17:14 - 05197895 ____R (Swearware) C:\Users\goekky\Desktop\ComboFix.exe
2014-05-02 16:02 - 2014-05-02 16:02 - 00006578 _____ () C:\Users\goekky\Desktop\mbam.txt
2014-05-02 15:56 - 2014-04-30 17:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-02 15:02 - 2014-05-02 15:02 - 00032991 _____ () C:\Users\goekky\Desktop\Gmer.txt
2014-05-02 14:33 - 2014-05-02 14:33 - 00380416 _____ () C:\Users\goekky\Downloads\Gmer-19357.exe
2014-05-02 14:26 - 2014-05-02 14:25 - 00019881 _____ () C:\Users\goekky\Desktop\Addition.txt
2014-05-02 14:24 - 2014-05-02 14:24 - 01050624 _____ (Farbar) C:\Users\goekky\Desktop\FRST.exe
2014-05-02 14:23 - 2014-05-02 14:23 - 00000544 _____ () C:\Users\goekky\Desktop\defogger_disable.log
2014-05-02 14:23 - 2014-05-02 14:23 - 00000156 _____ () C:\Users\goekky\defogger_reenable
2014-05-02 14:23 - 2013-11-20 22:16 - 00000000 ____D () C:\Users\goekky
2014-05-02 14:19 - 2014-05-02 14:19 - 00050477 _____ () C:\Users\goekky\Downloads\Defogger.exe
2014-05-02 13:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-05-02 13:03 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Brotbestellung
2014-05-02 08:25 - 2014-05-02 08:25 - 00002544 _____ () C:\Windows\diagwrn.xml
2014-05-02 08:25 - 2014-05-02 08:25 - 00001890 _____ () C:\Windows\diagerr.xml
2014-05-02 08:25 - 2009-07-14 06:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-01 20:34 - 2013-11-20 23:38 - 00000000 ____D () C:\Users\goekky\Desktop\Buchhaltung
2014-05-01 12:52 - 2014-05-01 12:52 - 00143400 _____ () C:\Windows\Minidump\050114-20685-01.dmp
2014-05-01 12:52 - 2013-11-30 17:28 - 291483818 _____ () C:\Windows\MEMORY.DMP
2014-05-01 12:52 - 2013-11-30 17:28 - 00000000 ____D () C:\Windows\Minidump
2014-05-01 12:52 - 2013-11-26 13:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-30 19:35 - 2014-04-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 17:35 - 2014-04-30 16:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 17:35 - 2014-04-30 16:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 17:35 - 2014-04-30 16:37 - 00069240 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 17:03 - 2014-04-30 17:03 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-04-30 17:03 - 2014-04-30 17:01 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\goekky\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 16:58 - 2014-04-30 16:12 - 00000000 ____D () C:\Program Files\Unlocker
2014-04-30 16:58 - 2014-04-30 14:22 - 00000000 ____D () C:\Program Files\TrojanHunter 5.5
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 16:37 - 2014-04-30 16:37 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 16:31 - 2013-12-05 17:51 - 00000000 _____ () C:\Windows\Explorer.EXE.Z-missing.txt
2014-04-30 16:21 - 2014-04-30 16:21 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-30 15:42 - 2014-04-30 15:42 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\TrojanHunter
2014-04-30 15:40 - 2014-01-28 15:42 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-30 14:22 - 2014-04-30 14:22 - 05843488 _____ (Mischel Internet Security ) C:\Users\goekky\Downloads\TrojanHunterSetup_5.5_Build_1003.exe
2014-04-30 14:22 - 2014-04-30 14:22 - 00059392 ____R () C:\Windows\system32\streamhlp.dll
2014-04-29 18:05 - 2013-11-21 11:57 - 00000000 ____D () C:\Users\goekky\Documents\Bluetooth-Exchange-Ordner
2014-04-29 17:41 - 2014-04-29 17:41 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2014-04-29 17:41 - 2014-04-29 17:38 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\HTC
2014-04-29 17:38 - 2014-04-29 17:38 - 00001077 _____ () C:\Users\Public\Desktop\HTC Sync.lnk
2014-04-29 17:38 - 2014-04-29 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
2014-04-29 17:38 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Users\goekky\AppData\Local\Downloaded Installations
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2014-04-29 17:35 - 2014-04-29 17:35 - 00000000 ____D () C:\Program Files\Spirent Communications
2014-04-29 17:35 - 2013-11-21 13:09 - 00025136 _____ () C:\Windows\DPINST.LOG
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\MSXML 4.0
2014-04-29 17:34 - 2014-04-29 17:34 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-04-29 17:34 - 2013-11-22 23:33 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\Adobe
2014-04-29 17:34 - 2013-11-22 23:32 - 00000000 ____D () C:\Program Files\Adobe
2014-04-29 17:34 - 2013-11-22 23:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-29 17:34 - 2013-11-22 23:30 - 00000000 ____D () C:\Users\goekky\AppData\Local\Adobe
2014-04-29 17:33 - 2014-04-29 17:31 - 165708080 _____ (HTC Corporation ) C:\Users\goekky\Downloads\setup_3.3.63.exe
2014-04-28 19:34 - 2013-11-23 00:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-28 19:34 - 2013-11-23 00:03 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-22 19:51 - 2014-04-22 19:51 - 00208736 _____ () C:\Windows\Minidump\042214-18096-01.dmp
2014-04-22 17:01 - 2013-11-20 23:42 - 00010718 _____ () C:\Users\goekky\Desktop\Geschäftsverlauf.xlsx
2014-04-16 17:03 - 2013-11-20 23:42 - 00011039 _____ () C:\Users\goekky\Desktop\ausgabenliste.xlsx
2014-04-15 12:57 - 2013-11-20 23:39 - 00000000 ____D () C:\Users\goekky\Desktop\Milch & Honig
2014-04-11 10:25 - 2014-04-11 10:07 - 00000000 ____D () C:\sn0wbreeze
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Adobe
2014-04-10 17:34 - 2014-04-10 17:34 - 00000000 ____D () C:\Users\Gast\AppData\Local\Adobe
2014-04-10 17:33 - 2013-12-10 16:34 - 00000000 ____D () C:\Users\Gast\AppData\Roaming\Apple Computer
2014-04-10 17:32 - 2014-04-10 17:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\Apple Computer
2014-04-10 15:53 - 2014-04-10 15:36 - 00000000 ____D () C:\Users\goekky\AppData\Roaming\redsn0w
2014-04-03 09:51 - 2014-04-30 17:03 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-30 17:03 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-30 17:03 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
Some content of TEMP:
====================
C:\Users\goekky\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 12:38
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-05-2014
Ran by goekky at 2014-05-03 11:24:27
Running from C:\Users\goekky\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Suite 2 (HKLM\...\{0134A1A1-C283-4A47-91A1-92F19F960372}) (Version: - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Illustrator CS2 (Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe InDesign CS2 (Version: 004.000.000 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
Adobe Version Cue CS2 (Version: 2.0 - Adobe Systems, Inc.) Hidden
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{2C659C60-BDF5-33B7-E136-9D1F4D7699AB}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-4300-A758B70C0A03}) (Version: 12.10.3.4691 - APN, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0209.16.306 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0209.16.306 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0209.16.306 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Czech (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Danish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Dutch (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help English (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Finnish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help French (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help German (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Greek (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Italian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Japanese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Korean (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Polish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Russian (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Spanish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Swedish (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Thai (Version: 2010.0209.0015.306 - ATI) Hidden
CCC Help Turkish (Version: 2010.0209.0015.306 - ATI) Hidden
ccc-core-static (Version: 2010.0209.16.306 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0209.16.306 - ATI) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
HTC BMP USB Driver (HKLM\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
HTC Sync (HKLM\...\{CBDAE89D-8ABD-4DC5-9309-C2C58696B371}) (Version: 3.3.63 - HTC Corporation)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6215.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6098 - Realtek Semiconductor Corp.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
VAIO Smart Network (HKLM\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.0.06080 - Sony Corporation)
Wartung Samsung CLX-3180 Series (HKLM\...\Samsung CLX-3180 Series) (Version: - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Restore Points =========================
25-03-2014 14:05:23 Geplanter Prüfpunkt
02-04-2014 13:37:48 Geplanter Prüfpunkt
10-04-2014 07:46:58 Geplanter Prüfpunkt
19-04-2014 10:37:55 Geplanter Prüfpunkt
26-04-2014 12:42:11 Windows-Sicherung
26-04-2014 19:19:44 Windows-Sicherung
26-04-2014 20:27:36 Windows-Sicherung
26-04-2014 21:11:58 Windows-Sicherung
29-04-2014 15:38:25 Installed HTC Sync.
02-05-2014 15:16:41 ComboFix created restore point
03-05-2014 09:03:21 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2FA50F1F-E0E1-451F-B7B8-AED189D61953} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2013-09-03] ()
Task: {A759D865-176A-4876-AC50-703A422AF444} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DB376296-55DF-44FE-B189-7135FD5DD51E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-11-22 12:40 - 2011-06-22 18:13 - 00024064 _____ () C:\Windows\System32\sst2cl3.dll
2013-11-22 12:40 - 2011-06-22 18:12 - 00540672 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sst2cdu.dll
2014-04-30 16:37 - 2013-10-31 19:25 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2005-04-06 17:52 - 2005-04-06 17:52 - 00028791 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057453 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00102515 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00053364 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00057455 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00032880 _____ () C:\Program Files\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 00434255 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
2005-04-06 17:53 - 2005-04-06 17:53 - 01019904 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-29 17:35 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2005-04-06 17:53 - 2005-04-06 17:53 - 03502080 _____ () c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00659456 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2013-09-03 11:58 - 2013-09-03 11:58 - 00109056 _____ () C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00516599 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00094208 _____ () C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00405504 _____ () C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00159744 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00172032 _____ () C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00559244 _____ () C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 00010240 _____ () C:\Program Files\HTC\HTC Sync 3.0\ItemSyncLimit.dll
2013-09-03 11:58 - 2013-09-03 11:58 - 01515520 _____ () C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
2013-11-21 13:20 - 2013-11-21 13:20 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-19 21:23 - 2014-03-19 21:23 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-28 19:34 - 2014-04-28 19:34 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/03/2014 11:21:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 11:20:25 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.
Error: (05/03/2014 11:20:25 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.
Error: (05/03/2014 10:40:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/03/2014 10:39:24 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.
Error: (05/03/2014 10:39:24 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.
Error: (05/02/2014 00:56:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 108.2.168.192.in-addr.arpa. PTR goekky-PC.local.
Error: (05/02/2014 00:55:20 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 19 108.2.168.192.in-addr.arpa. PTR goekky-PC-2.local.
Error: (05/02/2014 11:47:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/03/2014 11:14:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:21 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:20 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (05/03/2014 11:14:16 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 37%
Total physical RAM: 3566.11 MB
Available physical RAM: 2215.71 MB
Total Pagefile: 7130.5 MB
Available Pagefile: 5386.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:200.34 GB) (Free:141.78 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:96.03 GB) NTFS
Drive e: (GSP1RMCPRFREO_DE_DVD) (CDROM) (Total:2.34 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9788BCBB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.05.2014, 11:51
| #6 |
| /// TB-Ausbilder | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Es fehlt die Logdatei des FRST-Fix (Schritt 1), bitte nachreichen.  |
|
03.05.2014, 13:08
| #7 |
| | Kann Antivir nach Trojanerangriff nicht mehr öffnen.Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:01-05-2014
Ran by goekky at 2014-05-03 10:27:40 Run:1
Running from C:\Users\goekky\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\...\Run: [uwzyo.exe] => C:\Users\goekky\AppData\Roaming\Uqwu\uwzyo.exe
C:\Users\goekky\AppData\Roaming\Uqwu
C:\Users\goekky\AppData\Roaming\Waic
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=10&cc=&mi=7ad5822f0000000000000026c783e704
SearchScopes: HKCU - DefaultScope {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=7ad5822f0000000000000026c783e704&r=647
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
end
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1423429963-998173470-4169035595-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uwzyo.exe => Value not found.
C:\Users\goekky\AppData\Roaming\Uqwu => Moved successfully.
C:\Users\goekky\AppData\Roaming\Waic => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E66DAE83-E74F-4BA0-AAA7-E7049BF56EFF} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-00A7-7A786E7484D7} => Value not found.
HKCR\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} => Key not found.
==== End of Fixlog ====
|
|
03.05.2014, 13:11
| #8 |
| /// TB-Ausbilder | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Wir kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss daran räumen wir auf und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 ESET Online Scanner
Schritt 2 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
03.05.2014, 14:32
| #9 |
| | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Code:
ATTFilter Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x86 (UAC is disabled!)
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.206
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d4d911a03251214ea8a4e235dd33fb10
# engine=18123
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-03 01:05:55
# local_time=2014-05-03 03:05:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 95 16870 15885637 9630 0
# compatibility_mode=5893 16776574 66 85 95715357 150753546 0 0
# scanned=90176
# found=0
# cleaned=0
# scan_time=2114
|
|
03.05.2014, 15:15
| #10 |
| /// TB-Ausbilder | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
04.05.2014, 10:10
| #11 |
| | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Alles clean!!! Super. Freu ich mich sehr und bedanke mich herzlichst! Lg.  |
|
04.05.2014, 11:19
| #12 |
| /// TB-Ausbilder | Kann Antivir nach Trojanerangriff nicht mehr öffnen. Ich bin froh, dass wir helfen konnten In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu Kann Antivir nach Trojanerangriff nicht mehr öffnen. |
| 4d36e972-e325-11ce-bfc1-08002be10318, avira, backdoor.bot, cursor, dieses programm wurde durch eine gruppenrichtlinie geblockt, festplatte, flash player, google, homepage, launch, nicht öffnen, problem, programm, pup.optional.babylon.a, pup.optional.opencandy, pup.optional.opencandy.a, pup.optional.softonic.a, pup.optional.spigot.a, registry, software, svchost.exe, trojan.agent.ef, trojan.ransom.gend, trojaner, vcredist, verdächtige mail |
WARNUNG an die MITLESER: 
Linear-Darstellung
