
Log Analysis and Evaluation: Bank has blocked online banking on suspicion of a Trojan


 
05.06.2014, 19:56   #1
Sonne1801
 
Bank has blocked online banking on suspicion of a Trojan



When logging in to the Sparkasse's online banking, I received the message that access had been blocked. The same day a letter from the Sparkasse also arrived, saying that the online banking credentials had been found on a phishing server used by Trojans and that the Sparkasse had therefore blocked the credentials. So far I have only noticed that I can no longer print from Internet Explorer, that the security check on downloads took an extremely long time, and that the PC was also very slow. I could not detect any other irregularities.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Sonja (administrator) on SONJA-PC on 05-06-2014 20:12:23
Running from C:\Users\Sonja\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SoftwareUpdater\UpdaterService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\003\vxlsnyaiet32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\SoftwareUpdater\AppsUpdater.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-08-28] (TomTom)
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [svñhîst] => %USERPROFILE%\AppData\Local\Temp\wpbt0.dll <===== ATTENTION
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [utyakwd] => regsvr32.exe "C:\ProgramData\utyakwd.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1398932053&from=adks&uid=395049983_266114_D821E438
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM - {FD524BA7-ACF0-49FE-9360-E6BCCDCC5412} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {FA62F52A-5E85-49EC-85FA-7DDDA0C3EE0D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a08f2769-e56e-4474-8086-1fe60438f386&apn_sauid=80E447C6-CC24-4092-9579-6D95E642EB6C
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} -  No File
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\2.bin [2011-04-26]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]

========================== Services (Whitelisted) =================

S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2012-12-21] ()
R2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe [541696 2014-05-01] ()
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 MyWebSearchService; No ImagePath

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-18] (Conexant Systems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 WinPhlash; C:\SwSetup\sp48125\SWinFlash\PHLASHNT.SYS [31616 2006-09-06] ()
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; 
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kl1; system32\DRIVERS\kl1.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSP; system32\DRIVERS\klif.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 20:12 - 2014-06-05 20:13 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:10 - 2014-06-05 20:11 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:29 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:29 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:29 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:43 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat

==================== One Month Modified Files and Folders =======

2014-06-05 20:13 - 2014-06-05 20:12 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:13 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Temp
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:11 - 2014-06-05 20:10 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:10 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja
2014-06-05 20:09 - 2007-06-05 20:01 - 01738059 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-06-05 20:03 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.001
2014-06-05 20:02 - 2014-05-01 10:32 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job
2014-06-05 20:00 - 2011-05-10 22:51 - 00241136 _____ () C:\Windows\PFRO.log
2014-06-05 20:00 - 2011-05-10 19:34 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-06-05 20:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 19:59 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 19:38 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.dat
2014-06-05 09:30 - 2010-03-30 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 07:41 - 2012-12-18 20:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 07:41 - 2012-12-18 20:02 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 13:36 - 2011-02-23 21:11 - 00000000 ____D () C:\Users\Sonja\Documents\Sonja
2014-05-17 20:45 - 2011-08-04 20:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\.elfohilfe
2014-05-17 08:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:38 - 2009-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:37 - 2013-08-19 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:33 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 12:01 - 2010-04-05 13:28 - 00003300 ____C () C:\fpRedmon.log
2014-05-15 12:01 - 2010-04-05 13:28 - 00000000 ____D () C:\Users\Sonja\AppData\Local\FreePDF_XP
2014-05-13 17:56 - 2011-05-01 13:28 - 00000000 ____D () C:\Users\Sonja\EST
2014-05-12 18:21 - 2007-07-09 21:13 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat
2014-05-06 01:32 - 2014-05-16 07:29 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 07:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 07:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Files to move or delete:
====================
C:\ProgramData\utyakwd.dat


Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sonja\AppData\Local\Temp\nsl84A9.tmp.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.exe
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite25314.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite99741.dll
C:\Users\Sonja\AppData\Local\Temp\uninst1.exe
C:\Users\Sonja\AppData\Local\Temp\v-bates.exe
C:\Users\Sonja\AppData\Local\Temp\_is3370.exe
C:\Users\Sonja\AppData\Local\Temp\_is3BA8.exe
C:\Users\Sonja\AppData\Local\Temp\_is4865.exe
C:\Users\Sonja\AppData\Local\Temp\_is5D3C.exe
C:\Users\Sonja\AppData\Local\Temp\_isAC74.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-05 20:11

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Sonja at 2014-06-05 20:14:17
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.11.0 - Ask.com) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
BPM-Studio 4 Profi (HKLM\...\BPM-Studio 4 Profi) (Version:  - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.1.0 - Steuerverwaltung des Bundes und der Länder)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version:  - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware business office pro 2007 (Version: 7.00 - Lexware) Hidden
Lexware business office pro 2008 (Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (Version: 8.20.00.0016 - Lexware) Hidden
Lexware Business office pro Aktualisierung Februar 2009, Version 9.20 (Version: 9.20.00.0024 - Lexware) Hidden
Lexware business office pro Aktualisierung Januar 2008, Version 8.10 (Version: 8.10.00.0021 - Lexware) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird (3.1.7) (HKLM\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SoftwareUpdater (HKLM\...\SoftwareUpdater) (Version:  - )
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {12A18A08-CD69-43C1-9C90-26445111CB65} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {16EE96FF-EEFB-4722-8D9D-C82957CA03D1} - System32\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E} => C:\Program Files\V-bates\PrefHelper.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB40C4-DF1C-4BB9-9BA3-A8B2E1C3EA0A} - System32\Tasks\Microsoft\Windows\RestartManager\{DAE54BFC-0BDF-4e52-A9E8-0AF1BE3BE28F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C29AA75-F4A7-47FE-9DE5-2D5FD5AD4AA3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-10-29] () <==== ATTENTION
Task: {6635AD3B-DA42-4324-87BB-D58F45C726A5} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {8F6EBC33-B779-4643-8448-1C4CDE96A393} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A4918493-EF5D-42BE-81E9-DCC0D9D68A93} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A7D784AB-EAEC-467D-BEE0-1D69AD76A2EA} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {D1CD1915-CD34-41DA-B98F-F20D2FB57E79} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12] (Hewlett-Packard)
Task: {D3ABB18C-61D6-41C8-92BF-AD9976C5618F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sonja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {DA8DC243-8B51-4CE0-9E6D-8D3E204CFAE6} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC3FB6EA-5415-48D9-9B85-DEDAB010ED24} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {F4065F46-CCC2-419E-BF3C-D106F608F04A} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F5AB1F0D-9A42-4872-BF87-A1FD9FF6E40D} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26] (Sun Microsystems, Inc.)
Task: {FFCF8DCF-6CF0-41BE-9BFB-7C3759BF6162} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job => C:\Program Files\V-bates\PrefHelper.exe

==================== Loaded Modules (whitelisted) =============

2010-04-05 13:27 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 00024064 _____ () C:\Windows\System32\ssn2mlm.dll
2011-06-16 05:10 - 2013-10-22 06:12 - 00889344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssn2mdu.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2012-12-21 12:00 - 2012-12-21 12:00 - 00031744 ____C () C:\Program Files\SoftwareUpdater\UpdaterService.exe
2014-05-01 10:17 - 2014-05-01 10:17 - 00541696 ____C () C:\Program Files\003\vxlsnyaiet32.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-01-02 11:06 - 2013-01-02 11:06 - 00099840 ____C () C:\Program Files\SoftwareUpdater\AppsUpdater.exe
2012-12-11 17:05 - 2012-12-11 17:05 - 00091648 ____C () C:\Program Files\SoftwareUpdater\KeyGen.dll
2008-10-15 01:03 - 2008-10-15 01:03 - 03076096 ____C () c:\program files\adobe\reader 8.0\reader\rdlang32.deu
2007-05-11 02:54 - 2007-05-11 02:54 - 00036864 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00974848 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00077824 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00811008 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 01224704 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00192512 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00221184 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
2006-10-23 01:30 - 2006-10-23 01:30 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
2008-01-11 21:49 - 2008-01-11 21:49 - 00098304 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00006656 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
2006-10-23 01:31 - 2006-10-23 01:31 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00086016 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00159744 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
2006-10-23 01:32 - 2006-10-23 01:32 - 00011264 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00008192 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00012288 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00026112 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.DEU
2006-10-23 01:34 - 2006-10-23 01:34 - 00005120 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.DEU
2007-05-11 02:55 - 2007-05-11 02:55 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.DEU
2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Sonja:zylomtest
AlternateDataStreams: C:\Users\Sonja:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVVB}
AlternateDataStreams: C:\Users\Sonja:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:23834E1E
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:29F0CA7D
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2E3F04BC
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:397D67BA
AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A
AlternateDataStreams: C:\ProgramData\TEMP:4DCAC4BC
AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B
AlternateDataStreams: C:\ProgramData\TEMP:50092C64
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:535F54F3
AlternateDataStreams: C:\ProgramData\TEMP:572631AC
AlternateDataStreams: C:\ProgramData\TEMP:5FFC2819
AlternateDataStreams: C:\ProgramData\TEMP:627153F1
AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B
AlternateDataStreams: C:\ProgramData\TEMP:6A4353C3
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:74165027
AlternateDataStreams: C:\ProgramData\TEMP:7ADB695A
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:848CC150
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:95198126
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:B5CC7C28
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:DAE3E5CC
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:EE39C93C
AlternateDataStreams: C:\ProgramData\TEMP:F792B89F
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:FAB64002

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avupdate => C:\Users\Sonja\AppData\Roaming\jashla.exe
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{54590120-21CF-4893-975C-812906F9A42D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{8767ED90-5E37-4200-B983-85F309D00935}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" 
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (06/05/2014 07:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung IEXPLORE.EXE, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul urlmon.dll, Version 9.0.8112.16545, Zeitstempel 0x531a5031, Ausnahmecode 0xc0000005, Fehleroffset 0x00029dba,
Prozess-ID 0xe54, Anwendungsstartzeit IEXPLORE.EXE0.

Error: (06/05/2014 02:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00775467,
Prozess-ID 0x28ac, Anwendungsstartzeit iexplore.exe0.

Error: (06/02/2014 03:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.

Error: (05/30/2014 08:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,
Prozess-ID 0x1324, Anwendungsstartzeit iexplore.exe0.

Error: (05/26/2014 03:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.

Error: (05/23/2014 00:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x008a95f6,
Prozess-ID 0x238, Anwendungsstartzeit iexplore.exe0.

Error: (05/16/2014 07:38:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows-Modulinstallation; Hr = 0x8004230f).

Error: (05/16/2014 07:38:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien löschen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 0
   Snapshotkontext: 0
   Ausführungskontext: Coordinator


System errors:
=============
Error: (06/05/2014 08:03:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/05/2014 08:02:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037

Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1

Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnosediensthost

Error: (06/05/2014 08:02:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service

Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows-BilderfassungShellhardwareerkennung%%1058

Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: My Web Search Service%%3

Error: (06/01/2014 07:09:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058

Error: (06/01/2014 07:09:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037

Error: (06/01/2014 07:09:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 53%
Total physical RAM: 1981.87 MB
Available physical RAM: 912.92 MB
Total Pagefile: 4209.02 MB
Available Pagefile: 2912.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:106.56 GB) (Free:32.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.23 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: EBD671CE)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:10 on 05/06/2014 (Sonja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-05 20:40:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 ST912082 rev.7.24 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugloypow.sys


---- System - GMER 2.1 ----

SSDT            89E5E6E6                                                                                  ZwCreateSection
SSDT            89E5E6F0                                                                                  ZwRequestWaitReplyPort
SSDT            89E5E6EB                                                                                  ZwSetContextThread
SSDT            89E5E6F5                                                                                  ZwSetSecurityObject
SSDT            89E5E6FA                                                                                  ZwSystemDebugControl
SSDT            89E5E687                                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                             824ED860 4 Bytes  [E6, E6, E5, 89] {OUT 0xe6, AL; IN EAX, 0x89}
.text           ntkrnlpa.exe!KeSetEvent + 539                                                             824EDB84 4 Bytes  [F0, E6, E5, 89]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                             824EDBB8 4 Bytes  [EB, E6, E5, 89] {JMP 0xffffffe8; IN EAX, 0x89}
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                             824EDC1C 4 Bytes  [F5, E6, E5, 89]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                             824EDC64 4 Bytes  [FA, E6, E5, 89]
.text           ...                                                                                       
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                  section is writeable [0x8BE0E340, 0x3ED9C7, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateThread           777ECBEE 5 Bytes  JMP 688475DB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!EnableWindow             765CCD8B 5 Bytes  JMP 68889ED4 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcA           765CDB88 7 Bytes  JMP 68849805 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExA          765CDC2A 5 Bytes  JMP 68853627 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExW          765D1305 5 Bytes  JMP 688B040F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcW           765E03B4 7 Bytes  JMP 688A8082 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamW          765F10B0 5 Bytes  JMP 687E18B3 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamW  765F2EF5 5 Bytes  JMP 689D91B6 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamA          76608152 5 Bytes  JMP 689D9151 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamA  7660847D 5 Bytes  JMP 689D921B C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectA      7661D4D9 5 Bytes  JMP 689D90D8 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectW      7661D5D3 5 Bytes  JMP 689D905F C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExA            7661D639 5 Bytes  JMP 689D8FFB C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExW            7661D65D 5 Bytes  JMP 689D8F97 C:\Windows\system32\IEFRAME.dll
.text           C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!OleLoadFromStream         77921E80 5 Bytes  JMP 689D99A8 C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                   Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                   Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                   {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                   {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                     unknown MBR code

---- EOF - GMER 2.1 ----
         

 
