| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win7: Online-Banking, Verdacht auf Tatanga TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.05.2014, 00:42
| #1 |
 |  Win7: Online-Banking, Verdacht auf Tatanga Trojaner Hallo, heute habe ich ein Problem beim Online-Banking festgestellt. Statt der üblichen Nutzerfläche kam eine Meldung "Zu Ihrer Sicherheit", ein Screenshot davon ist angehängt. Ich habe etwas gegoogelt und gehe davon aus, dass es sich um den Trojaner Tatanga handelt. Leider kann ich momentan Windows nicht neu auf den PC spielen, weil ich erst wieder in ca. einem Monat dazu Zeit haben werde. Bis dahin würde ich gern wenigstens den Trojaner eindämmen oder ihn ganz beseitigen, wenn das möglich wäre. Leider war ich etwas nervös durch die ganze Sache, so dass ich die Reihenfolge der Anleitung nicht ganz beachtet habe. Ich habe zuerst Malwarebytes eingesetzt, FRST und defogger später. GMER hat leider nicht funktioniert. Alle logs hänge ich an. Vielleicht ist ja was zu machen, besten Dank schonmal! Edit: Hier die logs noch als Code: Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by User at 2014-05-18 01:08:20
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\2K6D14IT
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Security Essentials (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.2 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Ashampoo Burning Studio 6 FREE (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.7.5 - ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{60098CE4-EB16-42D1-9FF6-923488C2AB26}) (Version: - Microsoft)
Digitale Bibliothek 4 (HKLM-x32\...\Digitale Bibliothek 4) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Image to PDF Converter Free 5.0 (HKLM-x32\...\Image to PDF Converter Free_is1) (Version: - PDFArea Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Last.fm Scrobbler 2.1.35 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.1.0522.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.1.522.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.32 - mIRC Co. Ltd.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox (3.6) (HKLM-x32\...\Mozilla Firefox (3.6)) (Version: 3.6 (de) - Mozilla)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyBib eRoom - Browser (HKCU\...\MyBib eRoom - Browser) (Version: - ImageWare Components GmbH)
NVIDIA 3D Vision Controller-Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 310.33 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 310.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.33 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0904 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0904 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0904 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1033 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 310.33 (Version: 310.33 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Partition Wizard Home Edition 5.0 (HKLM-x32\...\{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1) (Version: - MT Solution Ltd.)
pdfsam (HKLM-x32\...\pdfsam) (Version: 2.2.0 - )
PeerBlock 1.0.0 (r181) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.181 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 12.0) (Version: - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Soldat 1.6.0 (HKLM-x32\...\Soldat patch 1.5.0-1.6.0_is1) (Version: 1.6.0 - Michal Marcinkowski)
Soldat 1.6.1 (HKLM-x32\...\Soldat patch 1.6.0-1.6.1_is1) (Version: 1.6.1 - Michal Marcinkowski)
Soldat 1.6.2 (HKLM-x32\...\Soldat patch 1.6.1-1.6.2_is1) (Version: 1.6.2 - Michal Marcinkowski)
Soldat 1.6.5 (HKLM-x32\...\Soldat_is1) (Version: 1.6.5 - Michal Marcinkowski)
Soldat 1.6.6 (HKLM-x32\...\Soldat_SBS_1_is1) (Version: 1.6.6 - Michal Marcinkowski)
Soldat 1.6.7 (HKLM-x32\...\Soldat_SBS_2_is1) (Version: 1.6.7 - Michal Marcinkowski)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{D1688F5A-9A61-42F0-B8D0-2C9DF315A141}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{007CC0F3-15DE-426D-95B5-B019FCEF58CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{651EE0E5-C789-48D8-8B91-F79352B783C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft)
USB Storage Driver (HKLM-x32\...\GENEUIDE) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewLit 4.2 - Professional (XP) (HKLM-x32\...\ViewLit 4.2 - Professional (XP)) (Version: - )
VLC media player 1.0.5 (HKLM-x32\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.7.4 - Shark007)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572 - Nullsoft, Inc)
Winamp Anwendungserkennung (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
XviD MPEG-4 Codec (HKLM-x32\...\XviD) (Version: - )
==================== Restore Points =========================
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {13482418-1CD9-4E4A-9F62-527418C94776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {57AD9D90-3E05-4283-9C16-895DDFCFE472} - \WPD\SqmUpload_S-1-5-21-1947255758-76080904-1852359020-1000 No Task File <==== ATTENTION
Task: {58A0546E-421E-4E80-AC19-3834F9C56831} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: {59503A72-11C4-444B-96BF-ADA3E5A1564F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-17] (Google Inc.)
Task: {7AAB3D0C-9580-411B-B288-E2AC15FAF73D} - System32\Tasks\{A766BB37-B80D-4272-9C69-C49601C9D541} => I:\SETUP\SETUP.EXE
Task: {82C7FD85-93D7-4C64-9747-79C66CFEE79D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {8604E4FE-830A-46B8-9689-1A4BE72B50D8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {87C07F41-E089-4194-9C3B-6F5758D0D0C0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8AB071C9-7CD7-46C9-BBD1-32990E72EC3C} - System32\Tasks\{878A5E12-7BF9-492E-B8D5-E28411D3EC31} => I:\SETUP\SETUP.EXE
Task: {BEEA351F-B48C-4618-8DFD-3BBFE789F82F} - System32\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-09-27] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Loaded Modules (whitelisted) =============
2012-12-04 11:47 - 2012-10-20 02:36 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-04-04 20:48 - 2008-06-20 00:41 - 00062464 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-05-18 00:54 - 2014-05-18 00:54 - 00050477 _____ () C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\M6TKSPVQ\Defogger.exe
2014-05-17 18:49 - 2014-05-17 18:42 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-05-17 00:42 - 2014-05-17 00:42 - 00800768 _____ () C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () D:\Programme\VPN\vpnapi.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "D:\Programme\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightShot => C:\Users\User\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: MsgCenterExe => "C:\Program Files (x86)\Real\RealPlayer\update\RealOneMessageCenter.exe" -osboot
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: WinampAgent => D:\Programme\Winamp\winampa.exe
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Coprozessor
Description: Coprozessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422).
Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).
Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1c84
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1cac
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1e58
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x18d4
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x16ec
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0xeac
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x18dc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521, Zeitstempel: 0x51207618
Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521, Zeitstempel: 0x512077b6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003e94f
ID des fehlerhaften Prozesses: 0x1be0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
System errors:
=============
Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/17/2014 06:09:47 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/17/2014 06:09:27 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/17/2014 01:14:32 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/17/2014 01:13:52 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/17/2014 01:13:51 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Error: (05/15/2014 05:25:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
Error: (05/15/2014 05:25:41 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
Error: (05/14/2014 08:36:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {B801CA65-A1FC-11D0-85AD-444553540000}
Error: (05/10/2014 09:39:40 PM) (Source: DCOM) (EventID: 10016) (User: User-PC)
Description: ComputerstandardLokalAktivierung{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}User-PCUserS-1-5-21-1947255758-76080904-1852359020-1002LocalHost (unter Verwendung von LRPC)
Microsoft Office Sessions:
=========================
Error: (05/17/2014 06:34:15 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
Error: (05/17/2014 06:15:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80070422
Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1c8401cf71ea6ffce3a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7fb9e0-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1cac01cf71ea70017780C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllae7818c0-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1e5801cf71ea6dc2d220C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac507dd0-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18d401cf71ea6dbcb7a0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllac313600-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f16ec01cf71ea6bb13030C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dllaa42ac70-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94feac01cf71ea5dedef10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dlla1502d40-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f18dc01cf71ea5de897e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll9e35f4f0-dddd-11e3-9e75-003018aa9203
Error: (05/17/2014 06:09:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1652151207618urlmon.dll10.0.9200.16521512077b6c00000050003e94f1be001cf71ea581755e0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\urlmon.dll96633da0-dddd-11e3-9e75-003018aa9203
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:55 on 18/05/2014 (User)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Code:
ATTFilter OTL Extras logfile created on: 18.05.2014 00:49:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 48,97% Memory free
14,00 Gb Paging File | 11,52 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 5,90 Gb Free Space | 12,08% Space Free | Partition Type: NTFS
Drive D: | 231,10 Gb Total Space | 45,77 Gb Free Space | 19,81% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 49,00 Gb Free Space | 2,63% Space Free | Partition Type: NTFS
Drive J: | 185,49 Gb Total Space | 0,69 Gb Free Space | 0,37% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E81EC-D289-46F6-B805-FA8A4DE1CA06}" = rport=137 | protocol=17 | dir=out | app=system |
"{0D83C0E2-1075-4E6B-BA72-D2DD6C105901}" = lport=139 | protocol=6 | dir=in | app=system |
"{125EB100-D88C-438A-B089-67BFE50EC068}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{35CBF5BC-A7A1-42BA-90AB-A132B21A2C1A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41A02784-8F4E-4E53-AD46-4C4104044D9F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4F3FCA98-CE3A-4001-8AB2-9BFE3A41ABA9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{565544EE-1BF4-4D15-9598-849413C21FBF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BB8E3CB-6F33-4C1D-A557-929897A6B428}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65F32C58-021C-4B6A-B017-DC020E70281D}" = rport=139 | protocol=6 | dir=out | app=system |
"{901C8ED3-CA75-4873-A7AE-9AAB7F58785F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{932C5659-3817-4BF3-980E-90C5AAE550E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{93D1FADD-DBED-4251-9008-89A1B0110775}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98346EDA-B67E-4225-AFB0-D6210242D5EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{99DEC30B-7FA9-4EF7-BD16-DA856C20052A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F0D5C10-E5B1-4A93-8C6C-E739F72A687D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B845C37B-921E-4D72-89FA-C2649FA45A0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC95B378-B3AA-4469-B9CD-F10B44F10318}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BFC9FC44-531A-40D2-8DB8-A384DF13E2F6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C1DFB31B-AA36-4D31-8B13-37152CE6D3FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C967E072-DBE5-4FAD-8050-FBA57E678F7C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE9085E9-B745-48AD-A4B2-F89FA2426C41}" = lport=137 | protocol=17 | dir=in | app=system |
"{D04F1EC1-8C44-4F1C-82F8-3D2823EE8E38}" = rport=445 | protocol=6 | dir=out | app=system |
"{F484A671-AE52-4F4B-AE50-0497D9C2BEE7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F606942E-BB33-4E17-942A-0F2218849B8C}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0419CFEA-9373-4044-B269-08349CF3A2D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B866B04-8A06-42A5-9281-24F728A76CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F8665F1-7E41-4E73-98F4-C080BBCF29DB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{11126220-D90C-4617-AC75-AFB2E9240BCF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2277737C-F614-44D8-B434-3E7CC657F8CC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{22D53A85-3086-4C15-9364-3266D37CBEBC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{388F1C7A-D27C-4066-A9FC-9E3C3F1BDD22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{38CD7D68-0BDA-4F2D-9106-B32BB55075E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{411743EB-5F38-483A-BF07-819D695A1BB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{432041C6-1E34-42FB-8EF9-7910D9F2119F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4968856C-8BEA-430B-A4FD-7A7EA2A08D70}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4B7A0B8E-5495-4B7B-8EEC-81F0D9D06191}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{688944FF-3834-4F44-8117-EAA31134FB94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{68F8BDE2-C0C6-4F3B-A82C-C21759DDE322}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A8C58E0-2018-4CA1-886A-35D5F0383894}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7177E156-D805-4133-AA16-7C229FA9CC01}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7543BC1B-EAFB-47C4-9ABB-BFCFCB9E1040}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EE4E6EC-BADB-4B8F-9097-AA54DC077BE5}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F922B30-D871-4620-AC21-FE9CCC8D954C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8D344606-2ABE-46E0-8E1F-F0348BC24D49}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{8E6B09B8-7441-4E5D-8FD4-8D704CC8FEC1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F06071C-E197-41D0-B7D0-D2AC2A0455B8}" = protocol=6 | dir=out | app=system |
"{92E088E3-4601-4E6B-9D3C-1653629E089B}" = protocol=58 | dir=in | app=system |
"{97929470-7A65-4086-9BD6-C99A82A1C3E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{99406921-07C9-48CC-97CE-59D270DC744E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C437EB8-8B57-49EC-817E-964953D98204}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{9F8EDB5B-A93F-4EA2-8DAB-E18879A7D5F8}" = protocol=6 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{A9423809-72BF-48B1-8F2E-6622E96A6D2C}" = protocol=17 | dir=in | app=d:\programme\icq7.5\icq.exe |
"{A99E846B-E1BD-41E4-9738-0E16710D86D1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B33765B1-A1DB-42F4-BEAF-053803CEA2AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B67BB717-FEC0-4FA3-B710-58AF29E3505F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB46C311-3341-433D-A878-F4FCF50357E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF91B95F-E6BF-4ECA-9D2B-40026EAEEB2C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C18367DE-919C-4B45-AEDA-86983D9814A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1BCA577-5950-49CA-908A-4DE317D5CCE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D95532DE-B6C7-479F-97A6-F643BF018412}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DDD2988A-BD61-4CA3-B753-BC6A1E26FCBF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{EA124538-A1A3-4745-9EC9-E1156BDD28AD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EAE9EDC5-B392-44E5-875A-4A6079457426}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED762F8F-AAE3-4285-BD9A-C367BB7DF0F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EED7450F-1633-4D26-B565-963A6F91247C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{0165F1EB-C463-44CD-A778-97D509CED927}D:\programme\firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\programme\firefox\plugin-container.exe |
"TCP Query User{0AC4C717-6432-45FE-8529-BE4EC64578B2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{0C4192CF-2E82-44D3-849C-D98A2A510213}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{0D413568-2045-48EF-864F-862D5B6B947F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{1D649423-20B7-4458-839B-8E361332A36D}C:\program files (x86)\torenkey\torenkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe |
"TCP Query User{241B9665-F8EC-4428-A182-B45B002551B1}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{249B2F0D-8813-4848-BEC3-2532445ED05F}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{340F2487-F216-44F1-9D02-B2CF60B5EDB1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{3BA45901-FA86-4EED-A50B-F83BA6A0FA4D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{4AA134D7-337A-41CA-A8AB-9CCA71068F19}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{4CD33D35-A705-43EA-AA6C-6C0211C90EE7}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe |
"TCP Query User{4E5C42D9-C55F-41DF-8C8C-AC85B34CB604}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe |
"TCP Query User{5151431A-A7AF-4DF8-8752-1002EE9AAD7A}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe |
"TCP Query User{5205A9F7-035C-4719-9E92-D7A32418C906}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe |
"TCP Query User{55E5BEDA-CCC2-40D0-9602-5A1742C1CAA5}C:\users\user\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\users\user\mirc\mirc.exe |
"TCP Query User{60FED22C-A783-4A2B-BCF7-B6D93577BE0E}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{6664BCE2-F37A-4B3F-82E8-22E5C7754D0F}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe |
"TCP Query User{6A1AD51F-8741-4459-BFED-5D6823C2AF14}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"TCP Query User{84C18C3F-106E-44D6-9565-A60A207A4E97}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{85A97E13-7DA0-461C-A5A7-8B014D03F03F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"TCP Query User{9896FC9D-F5C5-4BC4-B60E-E3381B5591C2}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe |
"TCP Query User{B8515BBE-1921-4D56-BCDC-131360CC696D}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe |
"TCP Query User{B90964B6-479A-47CE-85D9-99563A4C09DD}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe |
"TCP Query User{C71D515F-20AE-474A-8629-1149AF83298D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe |
"TCP Query User{C84F5EF7-3C95-4E6A-A4A9-9B38CA683878}D:\programme\trillian\trillian.exe" = protocol=6 | dir=in | app=d:\programme\trillian\trillian.exe |
"TCP Query User{D7988606-C4C6-45DD-8585-0D2B4DA104EC}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe |
"TCP Query User{D822A292-03F5-4D5E-B6E4-2B82FEF8EEF9}D:\spiele\soldat\soldat.exe" = protocol=6 | dir=in | app=d:\spiele\soldat\soldat.exe |
"TCP Query User{EA5EEC5B-80BA-4976-8AE8-493AD6170981}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{ED1E941B-DB05-4E5E-BCF3-C2C87CC2FE7F}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0D6C98F4-A712-497A-BC01-2C62C250AA3D}D:\spiele\soldat 1.6.1\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.1\soldat\soldat.exe |
"UDP Query User{27F7F3DC-5D8F-436D-9A59-C5FF109A27CB}C:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\temporäre internetdateien\content.ie5\etuoa1wn\streamtorrent.exe |
"UDP Query User{28F972EE-7C1D-4DF7-B03C-38CA35054AC9}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
"UDP Query User{302DD6A7-E8D3-421A-9E78-5DC648C5127D}D:\spiele\soldat 1.6.6\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.6\soldat\soldat.exe |
"UDP Query User{3A056C08-15E3-4C65-8AA8-C68195CA9C06}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{3DB54B3B-35CB-4757-9F87-7EADE14C406C}D:\programme\trillian\trillian.exe" = protocol=17 | dir=in | app=d:\programme\trillian\trillian.exe |
"UDP Query User{437288A0-BEA7-45E8-9BA7-A59D92942AAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{5533D2CA-223A-49F8-B78C-28F4CA8A18D8}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe |
"UDP Query User{560D6343-27BA-49EB-83C1-1CD1A9ED8BC0}C:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\torrentstream\engine\tsengine.exe |
"UDP Query User{5A534F2F-5E1B-4F09-AB2D-533FE559345F}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{5CE7938C-AAF1-4F00-AD28-FDE7AAEC0599}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{61E6A13A-567E-4BE3-89FA-CF7AAF8D4C53}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe |
"UDP Query User{7116E217-DC44-4939-8AFB-9283C3F0A5A8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{7183E553-5A10-4BDB-9AD7-A99D1287E05F}D:\spiele\soldat 1.6.2\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.2\soldat\soldat.exe |
"UDP Query User{7A6C237F-DC4B-4493-BCB4-F569FCDF86E0}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{7EEEB3E0-9F1B-445C-92AB-75D6ABF01546}C:\program files (x86)\torenkey\torenkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torenkey\torenkey.exe |
"UDP Query User{8BFA0F8C-EC0C-44D1-9EA1-517576EB9B6A}D:\programme\firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\programme\firefox\plugin-container.exe |
"UDP Query User{931F17DD-56CC-43C1-883D-82CFB1697F87}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{93372FD7-0D56-40A1-939D-9C195EB58044}C:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\a1da.tmp\kmservice.exe |
"UDP Query User{A22E8B1A-D3A4-49C8-9565-CA3AB1B987C9}D:\spiele\soldat 1.6.7\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat 1.6.7\soldat\soldat.exe |
"UDP Query User{B2016EF2-5384-45A8-B018-8DA46E7E3B26}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B3CAFD8A-90D0-4AD3-B702-3161CB34CAD0}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{B866ADF4-C917-406C-B297-361D4E7FDFF2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C5967698-3DFE-4121-BA81-6F733501B177}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{D56180ED-1128-4C3E-B85D-4A61D39A82EA}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe |
"UDP Query User{DAA59556-1940-496F-A945-FECFE288B9F6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E11CFED9-8743-468A-9CD0-02EB66847DC8}C:\users\user\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\users\user\mirc\mirc.exe |
"UDP Query User{FC850FF7-7865-49E7-99DF-0F82641A8956}D:\spiele\soldat\soldat.exe" = protocol=17 | dir=in | app=d:\spiele\soldat\soldat.exe |
"UDP Query User{FEF806CD-5D5A-4D4B-8CFF-183FDCE96D3C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0904
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinDjView" = WinDjView 2.0.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{22C58DA3-FA02-4DD3-8C5B-23570411E95B}" = Windows Live Writer Resources
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.10) - Deutsch
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C963C417-CFE3-4950-8B83-466AED0C1599}" = NVIDIA PhysX
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D29B0575-C3DE-4746-A893-4FDF0F7D68B2}" = Windows Live Mail
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"Fraps" = Fraps
"GENEUIDE" = USB Storage Driver
"Image to PDF Converter Free_is1" = Image to PDF Converter Free 5.0
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.1.1004
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Firefox 29.0.1 (x86 de)" = Mozilla Firefox 29.0.1 (x86 de)
"Mozilla Thunderbird 24.5.0 (x86 de)" = Mozilla Thunderbird 24.5.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"Soldat patch 1.5.0-1.6.0_is1" = Soldat 1.6.0
"Soldat patch 1.6.0-1.6.1_is1" = Soldat 1.6.1
"Soldat patch 1.6.1-1.6.2_is1" = Soldat 1.6.2
"Soldat_is1" = Soldat 1.6.5
"Soldat_SBS_1_is1" = Soldat 1.6.6
"Soldat_SBS_2_is1" = Soldat 1.6.7
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"ViewLit 4.2 - Professional (XP)" = ViewLit 4.2 - Professional (XP)
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyBib eRoom - Browser" = MyBib eRoom - Browser
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2014 12:09:14 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x1be0 Startzeit der fehlerhaften Anwendung: 0x01cf71ea581755e0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: 96633da0-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x18dc Startzeit der fehlerhaften Anwendung: 0x01cf71ea5de897e0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: 9e35f4f0-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:32 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0x01cf71ea5dedef10 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: a1502d40-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x16ec Startzeit der fehlerhaften Anwendung: 0x01cf71ea6bb13030 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: aa42ac70-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x18d4 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dbcb7a0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ac313600-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:50 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x1e58 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6dc2d220 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ac507dd0-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x1cac Startzeit der fehlerhaften Anwendung: 0x01cf71ea70017780 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ae7818c0-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:09:54 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: urlmon.dll, Version: 10.0.9200.16521,
Zeitstempel: 0x512077b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003e94f ID des fehlerhaften
Prozesses: 0x1c84 Startzeit der fehlerhaften Anwendung: 0x01cf71ea6ffce3a0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\urlmon.dll Berichtskennung: ae7fb9e0-dddd-11e3-9e75-003018aa9203
Error - 17.05.2014 12:15:55 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =
Error - 17.05.2014 12:34:15 | Computer Name = User-PC | Source = System Restore | ID = 8193
Description =
[ System Events ]
Error - 10.05.2014 15:39:40 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 14.05.2014 14:36:00 | Computer Name = User-PC | Source = DCOM | ID = 10010
Description =
Error - 15.05.2014 11:25:41 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 15.05.2014 11:25:44 | Computer Name = User-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 17.05.2014 07:13:51 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 17.05.2014 07:13:52 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 17.05.2014 07:14:32 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 17.05.2014 12:09:27 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
Error - 17.05.2014 12:09:47 | Computer Name = User-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Geändert von joanbaez123 (18.05.2014 um 01:42 Uhr) |
|
18.05.2014, 01:44
| #2 |
| | Win7: Online-Banking, Verdacht auf Tatanga Trojaner FRST
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by User (administrator) on USER-PC on 18-05-2014 01:07:18
Running from C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\2K6D14IT
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Cisco Systems, Inc.) D:\Programme\VPN\cvpnd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporäre Internetdateien\Content.IE5\M6TKSPVQ\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-05-17] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-17] (Google Inc.)
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [Eptjtion] => regsvr32.exe C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll <===== ATTENTION
HKU\S-1-5-21-1947255758-76080904-1852359020-1002\...\Run: [yaeldet] => regsvr32.exe "C:\ProgramData\yaeldet.dat"
==================== Internet (Whitelisted) ====================
ProxyServer: proxy.uni-greifswald.de:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE0814DC5AB08CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {85725DBC-135C-49B5-A699-7C3871A0434B} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab
DPF: HKLM-x32 {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 83.169.185.161 83.169.185.225
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default
FF Homepage: www.gmx.de
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.gopher", ""
FF NetworkProxy: "backup.gopher_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "proxy.uni-greifswald.de"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "proxy.uni-greifswald.de"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "proxy.uni-greifswald.de"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "proxy.uni-greifswald.de"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "proxy.uni-greifswald.de"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\ich@maltegoetz.de [2014-01-28]
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: Basic Slideshow Theme - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{7AEEB28A-EA4E-C605-89D8-027734C5C0AA} [2014-05-17]
FF Extension: DownloadHelper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-05]
FF Extension: flashget3 Extension - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2011-01-02]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-09]
FF Extension: Skype Wizard Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{1a796508-0ef4-4a59-afee-c762898d2b6e}.xpi [2013-11-14]
FF Extension: {a8630f62-3269-4ea7-981b-78e22f908985} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{a8630f62-3269-4ea7-981b-78e22f908985}.xpi [2013-11-11]
FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-02-02]
FF Extension: Greasemonkey - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4btqyr9v.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010-06-13]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010-08-16]
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.gmx.de/"
CHR Plugin: (Shockwave Flash) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Protect Disc License Acquisition Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll ()
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Picasa) - D:\Programme\Picasa\Picasa3\npPicasa3.dll No File
CHR Extension: (Basic Slideshow Theme) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-17]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-17]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-17]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-17]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-17]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-17]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-05-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-05-17] (Avira Operations GmbH & Co. KG)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.)
R2 CVPND; D:\Programme\VPN\cvpnd.exe [1529856 2011-03-04] (Cisco Systems, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-05-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-05-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-17] (Avira Operations GmbH & Co. KG)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
S3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 pbfilter; D:\Programme\PeerBlock\PeerBlock\pbfilter.sys [19544 2009-09-28] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
R4 sptd; C:\Windows\System32\Drivers\sptd.sys [828912 2010-06-16] ()
U3 ae89ru5l; C:\Windows\System32\Drivers\ae89ru5l.sys [0 ] (NVIDIA Corporation)
S1 enlkzanf; \??\C:\Windows\system32\drivers\enlkzanf.sys [X]
S1 imrufzce; \??\C:\Windows\system32\drivers\imrufzce.sys [X]
S1 lnukaata; \??\C:\Windows\system32\drivers\lnukaata.sys [X]
S1 mpahzbae; \??\C:\Windows\system32\drivers\mpahzbae.sys [X]
S1 nxdrikra; \??\C:\Windows\system32\drivers\nxdrikra.sys [X]
S1 qezegowc; \??\C:\Windows\system32\drivers\qezegowc.sys [X]
S1 tymtzgpo; \??\C:\Windows\system32\drivers\tymtzgpo.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-18 01:07 - 2014-05-18 01:07 - 00000000 ____D () C:\FRST
2014-05-18 00:59 - 2014-05-18 00:59 - 00092546 _____ () C:\Users\User\Desktop\Extras.Txt
2014-05-18 00:58 - 2014-05-18 00:58 - 00126162 _____ () C:\Users\User\Desktop\OTL.Txt
2014-05-18 00:55 - 2014-05-18 00:55 - 00000580 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-18 00:48 - 2014-05-18 00:48 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-05-17 21:32 - 2014-05-17 21:32 - 00003506 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-17 21:10 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-17 21:10 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-17 21:10 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-17 18:49 - 2014-05-17 18:42 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-17 18:49 - 2014-05-17 18:42 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-17 18:49 - 2014-05-17 18:42 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 18:41 - 2014-05-17 18:45 - 00000000 ____D () C:\AdwCleaner
2014-05-17 18:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:14 - 2014-05-17 18:20 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-17 00:41 - 2014-05-17 00:42 - 00000000 ____D () C:\Users\User\AppData\Local\Eptjtion
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-03 19:59 - 2014-05-04 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-26 20:58 - 2014-04-26 21:15 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 20:58 - 2014-04-26 21:14 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
2014-04-21 13:14 - 2014-04-21 13:14 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 13:14 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-21 13:14 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-21 13:14 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-21 13:14 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2014-05-18 01:07 - 2014-05-18 01:07 - 00000000 ____D () C:\FRST
2014-05-18 01:02 - 2013-02-17 07:00 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job
2014-05-18 00:59 - 2014-05-18 00:59 - 00092546 _____ () C:\Users\User\Desktop\Extras.Txt
2014-05-18 00:58 - 2014-05-18 00:58 - 00126162 _____ () C:\Users\User\Desktop\OTL.Txt
2014-05-18 00:55 - 2014-05-18 00:55 - 00000580 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-18 00:55 - 2014-05-18 00:55 - 00000020 _____ () C:\Users\User\defogger_reenable
2014-05-18 00:48 - 2014-05-18 00:48 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-05-17 23:22 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job
2014-05-17 22:31 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 22:31 - 2009-07-14 06:45 - 00026016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 22:28 - 2009-07-14 19:58 - 00654150 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 22:28 - 2009-07-14 19:58 - 00130022 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 22:28 - 2009-07-14 07:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 22:27 - 2010-04-04 19:40 - 01609112 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 22:23 - 2013-01-20 20:48 - 00058156 _____ () C:\Windows\error.log
2014-05-17 22:23 - 2013-01-20 20:48 - 00013132 _____ () C:\Windows\errord.log
2014-05-17 22:23 - 2012-12-04 11:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-17 22:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 22:23 - 2009-07-14 06:51 - 00126017 _____ () C:\Windows\setupact.log
2014-05-17 21:56 - 2013-06-06 19:19 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2014-05-17 21:36 - 2010-04-04 18:48 - 00170600 _____ () C:\Windows\PFRO.log
2014-05-17 21:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-05-17 21:32 - 2014-05-17 21:32 - 00003506 _____ () C:\Users\User\Desktop\mbam.txt
2014-05-17 21:11 - 2014-05-17 21:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 21:10 - 2014-05-17 21:10 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-17 18:54 - 2014-05-17 18:54 - 00000000 ____D () C:\Users\User\AppData\Roaming\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-17 18:49 - 2014-05-17 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-17 18:45 - 2014-05-17 18:41 - 00000000 ____D () C:\AdwCleaner
2014-05-17 18:45 - 2010-08-09 05:06 - 00000000 ____D () C:\Users\User\AppData\Local\Last.fm
2014-05-17 18:42 - 2014-05-17 18:49 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-17 18:42 - 2014-05-17 18:49 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-17 18:42 - 2014-05-17 18:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-05-17 18:25 - 2014-05-17 18:25 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-05-17 18:24 - 2010-06-09 13:59 - 00001421 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-17 18:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-17 18:20 - 2014-05-17 18:14 - 00010923 _____ () C:\Windows\IE11_main.log
2014-05-17 18:17 - 2014-05-17 18:17 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-17 18:17 - 2014-05-17 18:17 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-17 18:17 - 2014-05-17 18:17 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-17 18:17 - 2014-05-17 18:17 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-17 18:17 - 2014-05-17 18:17 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-17 18:17 - 2014-05-17 18:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-17 18:17 - 2014-05-17 18:17 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-17 18:17 - 2014-05-17 18:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-17 18:16 - 2014-05-17 18:16 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-17 18:16 - 2014-05-17 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-17 18:16 - 2014-05-17 18:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-17 18:16 - 2014-05-17 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-17 18:15 - 2014-05-17 18:15 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-05-17 18:15 - 2014-05-17 18:15 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-05-17 18:12 - 2012-04-03 13:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-17 18:12 - 2011-05-18 10:54 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-17 18:10 - 2010-06-10 22:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\uTorrent
2014-05-17 15:02 - 2013-02-17 07:00 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job
2014-05-17 00:42 - 2014-05-17 00:41 - 00000000 ____D () C:\Users\User\AppData\Local\Eptjtion
2014-05-14 20:36 - 2011-09-11 02:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-11 18:49 - 2013-01-05 23:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 17:31 - 2014-05-11 17:31 - 00000000 ____D () C:\Users\User\Desktop\La Sera - Hour of the Dawn (2014)
2014-05-11 16:41 - 2013-03-07 23:31 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-11 16:40 - 2014-05-11 16:40 - 00283144 _____ (Mozilla) C:\Users\User\Downloads\Firefox Setup Stub 29.0.1.exe
2014-05-10 01:33 - 2013-05-29 13:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-05-09 14:57 - 2013-02-17 07:00 - 00004084 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA
2014-05-09 14:57 - 2013-02-17 07:00 - 00003688 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core
2014-05-08 13:08 - 2013-10-27 22:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\mIRC
2014-05-04 12:36 - 2014-05-03 19:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-03 02:34 - 2010-06-13 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soldat
2014-04-26 21:15 - 2014-04-26 20:58 - 161670431 _____ () C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4
2014-04-26 21:14 - 2014-04-26 20:58 - 158733084 _____ () C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4
2014-04-22 00:43 - 2010-06-11 15:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-04-21 13:24 - 2013-10-16 13:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-21 13:14 - 2014-04-21 13:14 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-21 13:14 - 2010-06-13 17:03 - 00000000 ____D () C:\Program Files (x86)\Java
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\7z920.exe
C:\Users\User\AppData\Local\Temp\ApnIC.dll
C:\Users\User\AppData\Local\Temp\ApnStub.exe
C:\Users\User\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\bi_cleaner.exe
C:\Users\User\AppData\Local\Temp\DivXSetup.exe
C:\Users\User\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\Last.fm-2.1.30.exe
C:\Users\User\AppData\Local\Temp\mirc732.exe
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\utt3C7B.tmp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-09 18:53
==================== End Of Log ============================
|
|
18.05.2014, 01:44
| #3 |
| | Win7: Online-Banking, Verdacht auf Tatanga Trojaner OTL
__________________Code:
ATTFilter OTL logfile created on: 18.05.2014 00:49:15 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 48,97% Memory free 14,00 Gb Paging File | 11,52 Gb Available in Paging File | 82,31% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 6144 6144 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 5,90 Gb Free Space | 12,08% Space Free | Partition Type: NTFS Drive D: | 231,10 Gb Total Space | 45,77 Gb Free Space | 19,81% Space Free | Partition Type: NTFS Drive G: | 1863,01 Gb Total Space | 49,00 Gb Free Space | 2,63% Space Free | Partition Type: NTFS Drive J: | 185,49 Gb Total Space | 0,69 Gb Free Space | 0,37% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - D:\Programme\VPN\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Windows\SysWOW64\regsvr32.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\User\AppData\Local\Eptjtion\AcAxDbTLBres.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe (CrypKey (Canada) Ltd.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (CVPND) -- D:\Programme\VPN\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\Ckldrv.sys () DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV - (pbfilter) -- D:\Programme\PeerBlock\PeerBlock\pbfilter.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\User\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 81 4D C5 AB 08 CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {3EFFE33F-8F6C-41F2-872F-DF0C602DD436} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{3EFFE33F-8F6C-41F2-872F-DF0C602DD436}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{85725DBC-135C-49B5-A699-7C3871A0434B}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.uni-greifswald.de:8080 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5 FF - prefs.js..extensions.enabledAddons: %7B2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7%7D:1.5.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "proxy.uni-greifswald.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "proxy.uni-greifswald.de" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "proxy.uni-greifswald.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.uni-greifswald.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.uni-greifswald.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: D:\Programme\Firefox\components [2014.05.05 16:28:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins [2014.05.14 20:36:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.26 23:51:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.05.14 20:36:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.05.03 19:59:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.05.03 19:59:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.10.16 21:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2014.05.17 00:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions [2013.12.07 19:58:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2014.05.17 00:41:54 | 000,000,000 | ---D | M] (Basic Slideshow Theme) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{7AEEB28A-EA4E-C605-89D8-027734C5C0AA} [2014.05.05 23:08:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.01.02 22:42:47 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2014.01.28 02:46:27 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\ich@maltegoetz.de [2014.05.05 16:07:39 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\4btqyr9v.default\extensions\youtubeunblocker@unblocker.yt [2014.03.18 05:06:36 | 000,383,888 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.11.14 21:55:02 | 000,202,703 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{1a796508-0ef4-4a59-afee-c762898d2b6e}.xpi [2013.11.11 05:26:05 | 000,022,189 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{a8630f62-3269-4ea7-981b-78e22f908985}.xpi [2014.05.05 16:07:41 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014.03.18 05:06:36 | 000,287,566 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2010.03.24 11:38:12 | 000,057,418 | ---- | M] (flashget) (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll [2008.10.17 11:03:56 | 000,000,205 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\4btqyr9v.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt [2010.08.16 00:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.13 17:04:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 00:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - plugin: First user (Enabled) = D:\Programme\Picasa\Picasa3\npPicasa3.dll CHR - plugin: Error reading preferences file CHR - Extension: Basic Slideshow Theme = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\6.0.2\ CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found O4 - HKCU..\Run: [Eptjtion] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation) O4 - HKCU..\Run: [yaeldet] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: 使用快车3下载 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\User\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://uploadserver.info/premium/mirror2/uploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} hxxp://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12362E1A-8D07-471B-B4C2-CDB778191330}: DhcpNameServer = 83.169.185.161 83.169.185.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{202FA234-ED96-4911-8C38-CAB428F25663}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BEC2AC-6020-4B84-A852-664529CA3477}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.27 13:57:40 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk G:\ O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.05.18 00:48:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2014.05.17 21:11:07 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.05.17 21:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.05.17 21:10:47 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014.05.17 21:10:47 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014.05.17 21:10:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2014.05.17 21:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2014.05.17 21:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.05.17 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Avira [2014.05.17 18:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2014.05.17 18:49:34 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2014.05.17 18:49:33 | 000,131,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2014.05.17 18:49:33 | 000,108,440 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2014.05.17 18:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2014.05.17 18:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2014.05.17 18:41:57 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014.05.17 18:41:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.05.17 18:25:27 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieUserList [2014.05.17 18:25:26 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Local\EmieSiteList [2014.05.17 18:17:45 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014.05.17 18:17:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2014.05.17 18:17:41 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2014.05.17 18:17:41 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2014.05.17 18:17:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2014.05.17 18:17:40 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014.05.17 18:17:40 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014.05.17 18:17:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2014.05.17 18:17:40 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014.05.17 18:17:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2014.05.17 18:17:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2014.05.17 18:17:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014.05.17 18:17:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2014.05.17 18:17:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2014.05.17 18:17:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014.05.17 18:17:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014.05.17 18:17:40 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014.05.17 18:17:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2014.05.17 18:17:39 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014.05.17 18:17:39 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014.05.17 18:17:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2014.05.17 18:17:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2014.05.17 18:17:39 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2014.05.17 18:17:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2014.05.17 18:17:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014.05.17 18:17:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2014.05.17 18:17:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2014.05.17 18:17:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014.05.17 18:17:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014.05.17 18:17:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2014.05.17 18:17:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014.05.17 18:17:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2014.05.17 18:17:38 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2014.05.17 18:17:38 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014.05.17 18:17:38 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2014.05.17 18:17:38 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014.05.17 18:17:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2014.05.17 18:17:38 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014.05.17 18:17:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2014.05.17 18:17:38 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2014.05.17 18:17:37 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014.05.17 18:17:37 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014.05.17 18:17:37 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014.05.17 18:17:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2014.05.17 18:17:37 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2014.05.17 18:17:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014.05.17 18:17:37 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2014.05.17 18:17:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2014.05.17 18:17:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2014.05.17 18:17:37 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014.05.17 18:17:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2014.05.17 18:17:36 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014.05.17 18:17:36 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014.05.17 18:17:36 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014.05.17 18:17:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014.05.17 18:17:36 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2014.05.17 18:17:36 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014.05.17 18:17:36 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014.05.17 18:17:36 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014.05.17 18:17:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014.05.17 18:17:36 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2014.05.17 18:17:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2014.05.17 18:17:36 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2014.05.17 18:17:36 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2014.05.17 18:17:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014.05.17 18:17:36 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2014.05.17 18:17:36 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014.05.17 18:17:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2014.05.17 18:17:36 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014.05.17 18:17:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2014.05.17 18:17:36 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014.05.17 18:17:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2014.05.17 18:17:35 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014.05.17 18:17:35 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2014.05.17 18:17:35 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014.05.17 18:17:35 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014.05.17 18:17:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014.05.17 18:17:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2014.05.17 18:17:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2014.05.17 18:17:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014.05.17 18:16:34 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014.05.17 18:16:34 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2014.05.17 18:16:34 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2014.05.17 18:16:34 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2014.05.17 18:16:34 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2014.05.17 18:16:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2014.05.17 18:16:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2014.05.17 18:16:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2014.05.17 18:16:34 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2014.05.17 18:16:33 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2014.05.17 18:16:33 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2014.05.17 18:16:33 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2014.05.17 18:16:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2014.05.17 18:16:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2014.05.17 18:16:33 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2014.05.17 18:16:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2014.05.17 18:16:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2014.05.17 18:16:11 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2014.05.17 18:15:59 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2014.05.17 18:15:59 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2014.05.17 00:41:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Eptjtion [2014.05.15 22:41:04 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Mary Onettes, The - Portico [2014.05.11 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\La Sera - Hour of the Dawn (2014) [2014.05.03 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2014.04.21 20:40:05 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\PDF Password Remover Output [2014.04.21 13:14:39 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014.04.21 13:14:34 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014.04.21 13:14:34 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014.04.21 13:14:34 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll ========== Files - Modified Within 30 Days ========== [2014.05.18 00:48:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2014.05.18 00:02:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002UA.job [2014.05.17 23:22:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-1947255758-76080904-1852359020-1002.job [2014.05.17 22:31:43 | 000,026,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.05.17 22:31:43 | 000,026,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.05.17 22:28:10 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.05.17 22:28:10 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.05.17 22:28:10 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.05.17 22:28:10 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.05.17 22:28:10 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.05.17 22:23:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.05.17 22:23:30 | 3220,824,064 | -HS- | M] () -- C:\hiberfil.sys [2014.05.17 21:56:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2014.05.17 21:11:24 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.05.17 18:42:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2014.05.17 18:42:29 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2014.05.17 18:42:28 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2014.05.17 18:35:39 | 000,129,422 | ---- | M] () -- C:\Users\User\Desktop\18.30, 17.5.2014.jpg [2014.05.17 18:17:45 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014.05.17 18:17:45 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2014.05.17 18:17:41 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll [2014.05.17 18:17:41 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2014.05.17 18:17:41 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2014.05.17 18:17:40 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014.05.17 18:17:40 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014.05.17 18:17:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2014.05.17 18:17:40 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014.05.17 18:17:40 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2014.05.17 18:17:40 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2014.05.17 18:17:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014.05.17 18:17:40 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2014.05.17 18:17:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2014.05.17 18:17:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014.05.17 18:17:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014.05.17 18:17:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014.05.17 18:17:40 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2014.05.17 18:17:40 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2014.05.17 18:17:39 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014.05.17 18:17:39 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2014.05.17 18:17:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2014.05.17 18:17:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2014.05.17 18:17:39 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2014.05.17 18:17:39 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2014.05.17 18:17:39 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014.05.17 18:17:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2014.05.17 18:17:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2014.05.17 18:17:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014.05.17 18:17:39 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014.05.17 18:17:39 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2014.05.17 18:17:39 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014.05.17 18:17:39 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2014.05.17 18:17:38 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll [2014.05.17 18:17:38 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014.05.17 18:17:38 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2014.05.17 18:17:38 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014.05.17 18:17:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2014.05.17 18:17:38 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2014.05.17 18:17:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2014.05.17 18:17:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2014.05.17 18:17:37 | 005,784,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014.05.17 18:17:37 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014.05.17 18:17:37 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014.05.17 18:17:37 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2014.05.17 18:17:37 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2014.05.17 18:17:37 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2014.05.17 18:17:37 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2014.05.17 18:17:37 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2014.05.17 18:17:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2014.05.17 18:17:37 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014.05.17 18:17:37 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2014.05.17 18:17:36 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014.05.17 18:17:36 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014.05.17 18:17:36 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014.05.17 18:17:36 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014.05.17 18:17:36 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2014.05.17 18:17:36 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014.05.17 18:17:36 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014.05.17 18:17:36 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014.05.17 18:17:36 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014.05.17 18:17:36 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2014.05.17 18:17:36 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2014.05.17 18:17:36 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2014.05.17 18:17:36 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2014.05.17 18:17:36 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014.05.17 18:17:36 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2014.05.17 18:17:36 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014.05.17 18:17:36 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2014.05.17 18:17:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014.05.17 18:17:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2014.05.17 18:17:36 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014.05.17 18:17:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2014.05.17 18:17:36 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2014.05.17 18:17:35 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2014.05.17 18:17:35 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2014.05.17 18:17:35 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014.05.17 18:17:35 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014.05.17 18:17:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014.05.17 18:17:35 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2014.05.17 18:17:35 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2014.05.17 18:17:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014.05.17 18:16:34 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2014.05.17 18:16:34 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2014.05.17 18:16:34 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2014.05.17 18:16:34 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2014.05.17 18:16:34 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2014.05.17 18:16:34 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2014.05.17 18:16:34 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2014.05.17 18:16:34 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2014.05.17 18:16:34 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2014.05.17 18:16:33 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2014.05.17 18:16:33 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2014.05.17 18:16:33 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2014.05.17 18:16:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2014.05.17 18:16:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2014.05.17 18:16:33 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2014.05.17 18:16:33 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2014.05.17 18:16:33 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2014.05.17 18:16:11 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2014.05.17 18:15:59 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2014.05.17 18:15:59 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2014.05.17 18:12:18 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.05.17 18:12:18 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.05.17 15:02:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1947255758-76080904-1852359020-1002Core.job [2014.05.05 23:11:22 | 005,812,643 | ---- | M] () -- C:\Users\User\Desktop\uMLzkVY6HCR1.128.mp3 [2014.04.26 21:15:42 | 161,670,431 | ---- | M] () -- C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4 [2014.04.26 21:14:42 | 158,733,084 | ---- | M] () -- C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4 ========== Files Created - No Company Name ========== [2014.05.17 18:35:39 | 000,129,422 | ---- | C] () -- C:\Users\User\Desktop\18.30, 17.5.2014.jpg [2014.05.17 18:17:40 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2014.05.17 18:17:36 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2014.05.05 23:10:08 | 005,812,643 | ---- | C] () -- C:\Users\User\Desktop\uMLzkVY6HCR1.128.mp3 [2014.04.28 03:08:33 | 004,270,148 | ---- | C] () -- C:\Users\User\Desktop\16.pdf [2014.04.26 20:58:31 | 158,733,084 | ---- | C] () -- C:\Users\User\Desktop\2013-04-30 Voland_WEG_Darwin meets Kant.mp4 [2014.04.26 20:58:09 | 161,670,431 | ---- | C] () -- C:\Users\User\Desktop\2013-06-18 Suhm Wissen.mp4 [2013.06.06 19:19:49 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Local\UserProducts.xml [2013.01.20 20:48:17 | 000,000,065 | ---- | C] () -- C:\Windows\Crypkey.ini [2013.01.20 20:48:14 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe [2013.01.20 20:48:14 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2013.01.20 20:48:14 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe [2013.01.20 20:48:08 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\StellarProfile.dll [2012.04.23 02:02:47 | 000,000,837 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel [2010.10.11 01:08:58 | 000,025,088 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.27 08:18:29 | 000,000,013 | ---- | C] () -- C:\Users\User\cvdm.err [2010.06.12 22:14:26 | 000,007,602 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 17.05.2014 Scan Time: 21:32:37 Logfile: mbam.txt Administrator: Yes Version: 2.00.1.1004 Malware Database: v2014.05.17.10 Rootkit Database: v2014.03.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: User Scan Type: Threat Scan Result: Completed Objects Scanned: 298789 Time Elapsed: 20 min, 57 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 2 Trojan.Ransom.Gend, HKU\S-1-5-21-1947255758-76080904-1852359020-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yaeldet, regsvr32.exe "C:\ProgramData\yaeldet.dat", , [1a64aca6df9c6ccaf9ac5ab0c1406c94] Backdoor.HMCPol.Gen, HKU\S-1-5-21-1947255758-76080904-1852359020-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU, C:\Windows\system32\install\winsrv, , [b3cba9a9ccaff83ef72967defb08b64a] Registry Data: 0 (No malicious items detected) Folders: 3 PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691, , [7e009ab8b7c44de9725a4d247c8623dd], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297265, , [9fdfba98e398bf770dbfc0b1f70bc23e], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861, , [4d31a6acf6855dd92aa24829b44ec040], Files: 15 Trojan.Ransom.Gend, C:\ProgramData\yaeldet.dat, , [1a64aca6df9c6ccaf9ac5ab0c1406c94], Trojan.Zbot, C:\Users\User\AppData\Local\Temp\pmswebprjui.exe, , [bbc355fd1467b6805eae94e8a95808f8], PUP.Optional.QuickShare.A, C:\Users\User\AppData\Local\Temp\QuickShare1.exe, , [2658b9994f2cc86e2c0565b9837d7b85], PUP.Optional.Delta.A, C:\Users\User\AppData\Local\Temp\DeltaTB.exe, , [344adb772259d75f1adaa26412efbe42], PUP.Optional.ScramblePacker.A, C:\Users\User\AppData\Local\Temp\a2zLyrics_1060-8102_v122.exe, , [3f3fa5ad502b7db941da7dfe24dd936d], PUP.Optional.Somoto.A, C:\Users\User\AppData\Local\Temp\appshat-distribution.exe, , [2a547ad81a6187afdb46879b49b7f010], PUP.Optional.MoviesToolBar.A, C:\Users\User\AppData\Local\Temp\MoviesToolbarSetup_Somoto_9_10_2013.exe, , [1f5fde7449322313a5893ce0d9286d93], PUP.Optional.Somoto.A, C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe, , [ed917dd5a7d4e74fb7e736d43dc47e82], Trojan.FakeMS.SVSGen, C:\Users\User\AppData\Local\Temp\Low\0499.dll, , [dca29bb7eb9079bd3408501955ac7f81], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297265\ism.exe, , [fb83232f87f42610b385809f3bc54fb1], Malware.Trace, C:\Users\User\AppData\Roaming\cglogs.dat, , [354972e02a51360048407d4fa75bb14f], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691\chromeid.txt, , [7e009ab8b7c44de9725a4d247c8623dd], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3288691\setup.ini.txt, , [7e009ab8b7c44de9725a4d247c8623dd], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861\chromeid.txt, , [4d31a6acf6855dd92aa24829b44ec040], PUP.Optional.Conduit.A, C:\Users\User\AppData\Local\Temp\ct3297861\setup.ini.txt, , [4d31a6acf6855dd92aa24829b44ec040], Physical Sectors: 0 (No malicious items detected) (end) |
|
19.05.2014, 13:51
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Win7: Online-Banking, Verdacht auf Tatanga TrojanerZitat:
Deinstalliere Avira, wird von uns schon lange nicht mehr empfohlen. Bevor du es aber runterhaust, bitte nachschauen in den Protokollen ob es Funde hatte. Wenn ja, alle Logs dazu posten. Siehe http://www.trojaner-board.de/125889-...tml#post941534 Danach sehen wir weiter.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.05.2014, 13:55
| #5 |
| | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Danke für die Antwort, hier die logs von Avira. Ich deinstalliere es, wenn ich dein OK dazu bekomme. Code:
ATTFilter Exportierte Ereignisse:
17.05.2014 21:34 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\yaeldet.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.81288'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55b81744.qua'
verschoben!
17.05.2014 21:22 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '540b2316.qua'
verschoben!
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 21:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\User\AppData\Local\Temp\pmswebprjui.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.Xpack.66672' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff erlauben
17.05.2014 18:57 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\yaeldet.dat'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.81288'
[trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56043b9e.qua'
verschoben!
|
|
19.05.2014, 14:09
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Jup, kannste nun runterkloppen. Starte Windows neu wenn es deinstalliert wurde und gib dann Bescheid.
__________________ --> Win7: Online-Banking, Verdacht auf Tatanga Trojaner |
|
19.05.2014, 14:33
| #7 |
| | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Ok, ist runter. |
|
19.05.2014, 14:36
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.05.2014, 16:19
| #9 |
| | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Ich bekomme Microsoft Security Essentials leider nicht ausgeschaltet, kannst du mir da Tipps geben? Selbst deinstallieren kann ich es nicht, das lässt Windows nicht zu. Ich habe es aus dem Systemstart genommen, es wird jedoch trotzdem geladen. MsMpSvc lässt sich über den Taskmanager auch nicht deaktivieren. Und während MSE läuft, soll Combofix ja nicht genutzt werden. |
|
20.05.2014, 00:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Online-Banking, Verdacht auf Tatanga Trojaner Dann mach einfach mal so mit CF weiter...
__________________ Logfiles bitte immer in CODE-Tags posten |
WARNUNG an die MITLESER: 
Linear-Darstellung
