| |
| |||||||
Log-Analyse und Auswertung: Bank hat Online-Banking gesperrt wegen Verdacht von TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.06.2014, 19:56
| #1 |
 |  Bank hat Online-Banking gesperrt wegen Verdacht von Trojaner Beim Einloggen zum Online-Banking der Sparkasse erhielt ich die Mitteilung, dass der Zugang gesperrt wurde. Am selben Tag kam noch Post von der Sparkasse, dass die Onlinebanking-Zugangsdaten auf einem von Trojanern genutzem Pishing-Server gefunden wurden und deshalb die Zugangsdaten durch die Sparkasse gesperrt wurden. Bisher ist mir nur aufgefallen, dass ich nicht mehr aus dem Internet Explorer heraus drucken kann, bei den Downloads dauerte die Sicherheitsüberprüfung extrem lange und der PC war zudem sehr langsam. Sonstige Unregelmäßigkeiten konnte ich jedoch nicht feststellen. Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Sonja (administrator) on SONJA-PC on 05-06-2014 20:12:23
Running from C:\Users\Sonja\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\SoftwareUpdater\UpdaterService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\003\vxlsnyaiet32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\SoftwareUpdater\AppsUpdater.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-06-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13601312 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2009-06-24] (NVIDIA Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44128 2006-11-08] (soft thinks)
HKLM Group Policy restriction on software: C:\Program Files\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Kaspersky Lab <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [ISUSPM Startup] => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-08-28] (TomTom)
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [svñhîst] => %USERPROFILE%\AppData\Local\Temp\wpbt0.dll <===== ATTENTION
HKU\S-1-5-21-3630345418-880999805-3251746199-1000\...\Run: [utyakwd] => regsvr32.exe "C:\ProgramData\utyakwd.dat"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1398932053&from=adks&uid=395049983_266114_D821E438
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1398932053&from=adks&uid=395049983_266114_D821E438
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1398932053&from=adks&uid=395049983_266114_D821E438&q={searchTerms}
SearchScopes: HKLM - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKLM - {FD524BA7-ACF0-49FE-9360-E6BCCDCC5412} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119721&babsrc=SP_ss&mntrId=d821e438000000000000001a73467026
SearchScopes: HKCU - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm204YYDE&ptb=gzHzwjRMwEaBmECfkO2gSg&ind=2010121210&ptnrS=RGxdm204YYDE&si=2845&n=77d003fa&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
SearchScopes: HKCU - {FA62F52A-5E85-49EC-85FA-7DDDA0C3EE0D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a08f2769-e56e-4474-8086-1fe60438f386&apn_sauid=80E447C6-CC24-4092-9579-6D95E642EB6C
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKLM - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKCU - No Name - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
Toolbar: HKCU - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @mywebsearch.com/Plugin - C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll (MyWebSearch.com)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeploytk.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
FF HKLM\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files\MyWebSearch\bar\2.bin
FF Extension: My Web Search - C:\Program Files\MyWebSearch\bar\2.bin [2011-04-26]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-08-14]
========================== Services (Whitelisted) =================
S3 AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [126976 2006-06-26] (Hewlett-Packard Development Company, L.P.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1039440 2014-06-04] (Avira Operations GmbH & Co. KG)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [270431 2006-11-25] ()
R2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [118877 2006-11-25] ()
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [58984 2006-12-04] (Hewlett-Packard)
R3 hpqcxs08; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.)
S2 hpqddsvc; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll [135168 2008-03-25] (Hewlett-Packard Co.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2012-12-21] ()
R2 vxlsnyaiet32; C:\Program Files\003\vxlsnyaiet32.exe [541696 2014-05-01] ()
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 MyWebSearchService; No ImagePath
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [93528 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-18] (Conexant Systems Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 WinPhlash; C:\SwSetup\sp48125\SWinFlash\PHLASHNT.SYS [31616 2006-09-06] ()
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}t; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys [55224 2014-04-28] (StdLib)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr;
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 kl1; system32\DRIVERS\kl1.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSP; system32\DRIVERS\klif.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-05 20:12 - 2014-06-05 20:13 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:10 - 2014-06-05 20:11 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-16 07:29 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 07:29 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 07:29 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 06:43 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat
==================== One Month Modified Files and Folders =======
2014-06-05 20:13 - 2014-06-05 20:12 - 00018385 _____ () C:\Users\Sonja\Downloads\FRST.txt
2014-06-05 20:13 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Temp
2014-06-05 20:12 - 2014-06-05 20:12 - 00000000 ___DC () C:\FRST
2014-06-05 20:11 - 2014-06-05 20:11 - 01059840 _____ (Farbar) C:\Users\Sonja\Downloads\FRST.exe
2014-06-05 20:11 - 2014-06-05 20:10 - 00000472 _____ () C:\Users\Sonja\Downloads\defogger_disable.log
2014-06-05 20:10 - 2014-06-05 20:10 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2014-06-05 20:10 - 2007-06-05 10:24 - 00000000 ____D () C:\Users\Sonja
2014-06-05 20:09 - 2007-06-05 20:01 - 01738059 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 20:08 - 2014-06-05 20:08 - 00050477 _____ () C:\Users\Sonja\Downloads\Defogger.exe
2014-06-05 20:03 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.001
2014-06-05 20:02 - 2014-05-01 10:32 - 00000282 _____ () C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job
2014-06-05 20:00 - 2011-05-10 22:51 - 00241136 _____ () C:\Windows\PFRO.log
2014-06-05 20:00 - 2011-05-10 19:34 - 00000000 ____D () C:\Program Files\Trojan Remover
2014-06-05 20:00 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 20:00 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 19:59 - 2006-11-02 15:01 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-05 19:38 - 2014-01-11 13:05 - 00074624 _____ () C:\ProgramData\nvModes.dat
2014-06-05 09:30 - 2010-03-30 20:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-04 07:41 - 2012-12-18 20:02 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-04 07:41 - 2012-12-18 20:02 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-27 13:36 - 2011-02-23 21:11 - 00000000 ____D () C:\Users\Sonja\Documents\Sonja
2014-05-17 20:45 - 2011-08-04 20:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\.elfohilfe
2014-05-17 08:12 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 07:38 - 2009-01-13 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 07:37 - 2013-08-19 11:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 07:33 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 07:32 - 2014-05-16 07:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 12:01 - 2010-04-05 13:28 - 00003300 ____C () C:\fpRedmon.log
2014-05-15 12:01 - 2010-04-05 13:28 - 00000000 ____D () C:\Users\Sonja\AppData\Local\FreePDF_XP
2014-05-13 17:56 - 2011-05-01 13:28 - 00000000 ____D () C:\Users\Sonja\EST
2014-05-12 18:21 - 2007-07-09 21:13 - 00000000 ____D () C:\Program Files\ElsterFormular
2014-05-12 13:31 - 2014-05-12 13:31 - 00279160 _____ (Microsoft Corporation) C:\ProgramData\utyakwd.dat
2014-05-06 01:32 - 2014-05-16 07:29 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 07:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 07:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
Files to move or delete:
====================
C:\ProgramData\utyakwd.dat
Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\avgnt.exe
C:\Users\Sonja\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sonja\AppData\Local\Temp\nsl84A9.tmp.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.exe
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite25314.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite99741.dll
C:\Users\Sonja\AppData\Local\Temp\uninst1.exe
C:\Users\Sonja\AppData\Local\Temp\v-bates.exe
C:\Users\Sonja\AppData\Local\Temp\_is3370.exe
C:\Users\Sonja\AppData\Local\Temp\_is3BA8.exe
C:\Users\Sonja\AppData\Local\Temp\_is4865.exe
C:\Users\Sonja\AppData\Local\Temp\_is5D3C.exe
C:\Users\Sonja\AppData\Local\Temp\_isAC74.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-05 20:11
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014
Ran by Sonja at 2014-06-05 20:14:17
Running from C:\Users\Sonja\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.3.0.24 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.11.0 - Ask.com) <==== ATTENTION
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.30498 - Ask.com) <==== ATTENTION
BPM-Studio 4 Profi (HKLM\...\BPM-Studio 4 Profi) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 110.0.180.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DocMgr (Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular 2006/2007 (HKLM\...\{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}) (Version: 8.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2007/2008 (HKLM\...\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}) (Version: 9.1.0.0 - Steuerverwaltung des Bundes und der Länder)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.1.0 - Steuerverwaltung des Bundes und der Länder)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
GPBaseService (Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version: - )
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.55.0 - HP) Hidden
HP Active Support Library (Version: 1.0.21 - Hewlett-Packard) Hidden
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Photosmart Essential2.01 (Version: 1.01.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.0 (HKLM\...\{45D707E9-F3C4-11D9-A373-0050BAE317E1}) (Version: - )
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Solutions Framework (HKLM\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (HKLM\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guide 0041 (HKLM\...\{D5CEFEDA-38DF-4F94-A392-C86163CB9965}) (Version: 1.00.0008 - Ihr Firmenname)
HP Wireless Assistant (HKLM\...\{D32067CD-7409-4792-BFA0-1469BCD8F0C8}) (Version: 3.00 F1 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Java(TM) 6 Update 16 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 2 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.)
Java(TM) SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexware business office pro 2007 (Version: 7.00 - Lexware) Hidden
Lexware business office pro 2008 (Version: 8.00.00.0084 - Lexware) Hidden
Lexware business office pro Aktualisierung Februar 2008, Version 8.20 (Version: 8.20.00.0016 - Lexware) Hidden
Lexware Business office pro Aktualisierung Februar 2009, Version 9.20 (Version: 9.20.00.0024 - Lexware) Hidden
Lexware business office pro Aktualisierung Januar 2008, Version 8.10 (Version: 8.10.00.0021 - Lexware) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - hxxp://www.lightscribe.com) Hidden
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (HKLM\...\{E78BFA60-5393-4C38-82AB-E8019E464EB4}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Basic 2007 (HKLM\...\BASICR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Basic 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Thunderbird (3.1.7) (HKLM\...\Mozilla Thunderbird (3.1.7)) (Version: 3.1.7 (de) - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSSWCORE (Version: 2.01.0000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
RENESIS® Player Browser Plugins (HKLM\...\{62B7C52C-CAB6-48B1-8245-52356C141C92}) (Version: 1.1.1 - examotion® GmbH)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Servicepack Datumsaktualisierung (Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SoftwareUpdater (HKLM\...\SoftwareUpdater) (Version: - )
SolutionCenter (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Status (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TrayApp (Version: 110.0.180.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM\...\{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VideoToolkit01 (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.00 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
==================== Restore Points =========================
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {12A18A08-CD69-43C1-9C90-26445111CB65} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {16EE96FF-EEFB-4722-8D9D-C82957CA03D1} - System32\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E} => C:\Program Files\V-bates\PrefHelper.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {29DB40C4-DF1C-4BB9-9BA3-A8B2E1C3EA0A} - System32\Tasks\Microsoft\Windows\RestartManager\{DAE54BFC-0BDF-4e52-A9E8-0AF1BE3BE28F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {4C29AA75-F4A7-47FE-9DE5-2D5FD5AD4AA3} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2012-10-29] () <==== ATTENTION
Task: {6635AD3B-DA42-4324-87BB-D58F45C726A5} - System32\Tasks\Hewlett-Packard-Online-Aktualisierungsprogramm => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {8F6EBC33-B779-4643-8448-1C4CDE96A393} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {A4918493-EF5D-42BE-81E9-DCC0D9D68A93} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A7D784AB-EAEC-467D-BEE0-1D69AD76A2EA} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2008-11-03] (Lexware GmbH & Co. KG)
Task: {D1CD1915-CD34-41DA-B98F-F20D2FB57E79} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12] (Hewlett-Packard)
Task: {D3ABB18C-61D6-41C8-92BF-AD9976C5618F} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Sonja => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {DA8DC243-8B51-4CE0-9E6D-8D3E204CFAE6} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EC3FB6EA-5415-48D9-9B85-DEDAB010ED24} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04] (Hewlett-Packard)
Task: {F4065F46-CCC2-419E-BF3C-D106F608F04A} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F5AB1F0D-9A42-4872-BF87-A1FD9FF6E40D} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26] (Sun Microsystems, Inc.)
Task: {FFCF8DCF-6CF0-41BE-9BFB-7C3759BF6162} - System32\Tasks\InstallShield Software-Online-Aktualisierungsprogramm => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\FF Watcher {94748EF8-EB34-417D-BE4E-6D92D9D1E18E}.job => C:\Program Files\V-bates\PrefHelper.exe
==================== Loaded Modules (whitelisted) =============
2010-04-05 13:27 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2011-06-16 05:11 - 2011-06-16 05:11 - 00024064 _____ () C:\Windows\System32\ssn2mlm.dll
2011-06-16 05:10 - 2013-10-22 06:12 - 00889344 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssn2mdu.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00270431 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00233573 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2012-12-21 12:00 - 2012-12-21 12:00 - 00031744 ____C () C:\Program Files\SoftwareUpdater\UpdaterService.exe
2014-05-01 10:17 - 2014-05-01 10:17 - 00541696 ____C () C:\Program Files\003\vxlsnyaiet32.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00118877 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2007-01-19 05:44 - 2006-11-25 01:34 - 00114783 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-01-19 05:44 - 2006-11-25 01:34 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-01-02 11:06 - 2013-01-02 11:06 - 00099840 ____C () C:\Program Files\SoftwareUpdater\AppsUpdater.exe
2012-12-11 17:05 - 2012-12-11 17:05 - 00091648 ____C () C:\Program Files\SoftwareUpdater\KeyGen.dll
2008-10-15 01:03 - 2008-10-15 01:03 - 03076096 ____C () c:\program files\adobe\reader 8.0\reader\rdlang32.deu
2007-05-11 02:54 - 2007-05-11 02:54 - 00036864 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00974848 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00077824 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.DEU
2007-05-11 02:50 - 2007-05-11 02:50 - 00811008 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 01224704 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00192512 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU
2007-05-11 02:51 - 2007-05-11 02:51 - 00221184 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU
2006-10-23 01:30 - 2006-10-23 01:30 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU
2008-01-11 21:49 - 2008-01-11 21:49 - 00098304 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00006656 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU
2006-10-23 01:31 - 2006-10-23 01:31 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00086016 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.DEU
2007-05-11 02:52 - 2007-05-11 02:52 - 00159744 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU
2006-10-23 01:32 - 2006-10-23 01:32 - 00011264 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00013312 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00008192 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU
2007-05-11 02:53 - 2007-05-11 02:53 - 00028672 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU
2006-10-23 01:33 - 2006-10-23 01:33 - 00012288 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU
2007-05-11 02:54 - 2007-05-11 02:54 - 00026112 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.DEU
2006-10-23 01:34 - 2006-10-23 01:34 - 00005120 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.DEU
2007-05-11 02:55 - 2007-05-11 02:55 - 00053248 _____ () C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.DEU
2007-01-13 03:01 - 2007-01-13 03:01 - 00397312 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
2007-01-13 03:01 - 2007-01-13 03:01 - 00475136 ___RC () C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Sonja:zylomtest
AlternateDataStreams: C:\Users\Sonja:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVVB}
AlternateDataStreams: C:\Users\Sonja:zylomtr{000HQ7FF-AD7A-3FG4-OK39-27NOI1CL8VVO}
AlternateDataStreams: C:\ProgramData\TEMP:0BBF232A
AlternateDataStreams: C:\ProgramData\TEMP:1392F09D
AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B
AlternateDataStreams: C:\ProgramData\TEMP:23834E1E
AlternateDataStreams: C:\ProgramData\TEMP:24C072FF
AlternateDataStreams: C:\ProgramData\TEMP:29629382
AlternateDataStreams: C:\ProgramData\TEMP:29F0CA7D
AlternateDataStreams: C:\ProgramData\TEMP:2AE74FF9
AlternateDataStreams: C:\ProgramData\TEMP:2E3F04BC
AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
AlternateDataStreams: C:\ProgramData\TEMP:32A82570
AlternateDataStreams: C:\ProgramData\TEMP:370E4EFB
AlternateDataStreams: C:\ProgramData\TEMP:397D67BA
AlternateDataStreams: C:\ProgramData\TEMP:3A7527E8
AlternateDataStreams: C:\ProgramData\TEMP:4A448DB2
AlternateDataStreams: C:\ProgramData\TEMP:4A906D4A
AlternateDataStreams: C:\ProgramData\TEMP:4DCAC4BC
AlternateDataStreams: C:\ProgramData\TEMP:4DDE401B
AlternateDataStreams: C:\ProgramData\TEMP:50092C64
AlternateDataStreams: C:\ProgramData\TEMP:5080697C
AlternateDataStreams: C:\ProgramData\TEMP:512E1728
AlternateDataStreams: C:\ProgramData\TEMP:535F54F3
AlternateDataStreams: C:\ProgramData\TEMP:572631AC
AlternateDataStreams: C:\ProgramData\TEMP:5FFC2819
AlternateDataStreams: C:\ProgramData\TEMP:627153F1
AlternateDataStreams: C:\ProgramData\TEMP:697DDE2B
AlternateDataStreams: C:\ProgramData\TEMP:6A4353C3
AlternateDataStreams: C:\ProgramData\TEMP:6F0B6A5A
AlternateDataStreams: C:\ProgramData\TEMP:71612023
AlternateDataStreams: C:\ProgramData\TEMP:74165027
AlternateDataStreams: C:\ProgramData\TEMP:7ADB695A
AlternateDataStreams: C:\ProgramData\TEMP:80F63EC3
AlternateDataStreams: C:\ProgramData\TEMP:848CC150
AlternateDataStreams: C:\ProgramData\TEMP:870649A4
AlternateDataStreams: C:\ProgramData\TEMP:8B4B9596
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F
AlternateDataStreams: C:\ProgramData\TEMP:95198126
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:AED33A42
AlternateDataStreams: C:\ProgramData\TEMP:B0456F0C
AlternateDataStreams: C:\ProgramData\TEMP:B1786630
AlternateDataStreams: C:\ProgramData\TEMP:B5CC7C28
AlternateDataStreams: C:\ProgramData\TEMP:C0893153
AlternateDataStreams: C:\ProgramData\TEMP:C48A983C
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4
AlternateDataStreams: C:\ProgramData\TEMP:CF61CE5A
AlternateDataStreams: C:\ProgramData\TEMP:D3A89E47
AlternateDataStreams: C:\ProgramData\TEMP:DAE3E5CC
AlternateDataStreams: C:\ProgramData\TEMP:DC0B1070
AlternateDataStreams: C:\ProgramData\TEMP:DE875C30
AlternateDataStreams: C:\ProgramData\TEMP:DE9AC04F
AlternateDataStreams: C:\ProgramData\TEMP:E2CFA9CD
AlternateDataStreams: C:\ProgramData\TEMP:E411AA0D
AlternateDataStreams: C:\ProgramData\TEMP:E7B4296D
AlternateDataStreams: C:\ProgramData\TEMP:EA10407C
AlternateDataStreams: C:\ProgramData\TEMP:ED2998F5
AlternateDataStreams: C:\ProgramData\TEMP:EE39C93C
AlternateDataStreams: C:\ProgramData\TEMP:F792B89F
AlternateDataStreams: C:\ProgramData\TEMP:F8F070C2
AlternateDataStreams: C:\ProgramData\TEMP:FAB64002
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: avupdate => C:\Users\Sonja\AppData\Roaming\jashla.exe
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SynTPStart => C:\Program Files\Synaptics\SynTP\SynTPStart.exe
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft-6zu4-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft-ISATAP-Adapter #2
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{54590120-21CF-4893-975C-812906F9A42D}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{8767ED90-5E37-4200-B983-85F309D00935}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/05/2014 08:14:22 PM) (Source: VSS) (EventID: 40) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien abfragen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 13
Snapshotkontext: 13
Ausführungskontext: Coordinator
Error: (06/05/2014 07:54:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung IEXPLORE.EXE, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul urlmon.dll, Version 9.0.8112.16545, Zeitstempel 0x531a5031, Ausnahmecode 0xc0000005, Fehleroffset 0x00029dba,
Prozess-ID 0xe54, Anwendungsstartzeit IEXPLORE.EXE0.
Error: (06/05/2014 02:45:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00775467,
Prozess-ID 0x28ac, Anwendungsstartzeit iexplore.exe0.
Error: (06/02/2014 03:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.
Error: (05/30/2014 08:54:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18881, Zeitstempel 0x51da3e27, Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,
Prozess-ID 0x1324, Anwendungsstartzeit iexplore.exe0.
Error: (05/26/2014 03:47:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung LxUpdateManager.exe, Version 2.61.0.12, Zeitstempel 0x490efad6, fehlerhaftes Modul KERNEL32.dll, Version 6.0.6002.19034, Zeitstempel 0x52f2ec86, Ausnahmecode 0xe0434f4d, Fehleroffset 0x0003fd1e,
Prozess-ID 0x%9, Anwendungsstartzeit LxUpdateManager.exe0.
Error: (05/23/2014 00:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16545, Zeitstempel 0x531a4f73, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x008a95f6,
Prozess-ID 0x238, Anwendungsstartzeit iexplore.exe0.
Error: (05/16/2014 07:38:52 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\servicing\TrustedInstaller.exe; Beschreibung = Windows-Modulinstallation; Hr = 0x8004230f).
Error: (05/16/2014 07:38:52 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.
Vorgang:
Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
Schattenkopien löschen
Kontext:
Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
Snapshotkontext: 0
Snapshotkontext: 0
Ausführungskontext: Coordinator
System errors:
=============
Error: (06/05/2014 08:03:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/05/2014 08:02:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1
Error: (06/05/2014 08:02:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Diagnosediensthost
Error: (06/05/2014 08:02:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows-BilderfassungShellhardwareerkennung%%1058
Error: (06/05/2014 08:02:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: My Web Search Service%%3
Error: (06/01/2014 07:09:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows Media Player-NetzwerkfreigabedienstUPnP-Gerätehost%%1058
Error: (06/01/2014 07:09:44 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
Error: (06/01/2014 07:09:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: kl1
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 1981.87 MB
Available physical RAM: 912.92 MB
Total Pagefile: 4209.02 MB
Available Pagefile: 2912.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.48 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:106.56 GB) (Free:32.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:5.23 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: EBD671CE)
Partition 1: (Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:10 on 05/06/2014 (Sonja)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-05 20:40:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000066 ST912082 rev.7.24 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugloypow.sys
---- System - GMER 2.1 ----
SSDT 89E5E6E6 ZwCreateSection
SSDT 89E5E6F0 ZwRequestWaitReplyPort
SSDT 89E5E6EB ZwSetContextThread
SSDT 89E5E6F5 ZwSetSecurityObject
SSDT 89E5E6FA ZwSystemDebugControl
SSDT 89E5E687 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 215 824ED860 4 Bytes [E6, E6, E5, 89] {OUT 0xe6, AL; IN EAX, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 539 824EDB84 4 Bytes [F0, E6, E5, 89]
.text ntkrnlpa.exe!KeSetEvent + 56D 824EDBB8 4 Bytes [EB, E6, E5, 89] {JMP 0xffffffe8; IN EAX, 0x89}
.text ntkrnlpa.exe!KeSetEvent + 5D1 824EDC1C 4 Bytes [F5, E6, E5, 89]
.text ntkrnlpa.exe!KeSetEvent + 619 824EDC64 4 Bytes [FA, E6, E5, 89]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BE0E340, 0x3ED9C7, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!CreateThread 777ECBEE 5 Bytes JMP 688475DB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!EnableWindow 765CCD8B 5 Bytes JMP 68889ED4 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcA 765CDB88 7 Bytes JMP 68849805 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExA 765CDC2A 5 Bytes JMP 68853627 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExW 765D1305 5 Bytes JMP 688B040F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DefWindowProcW 765E03B4 7 Bytes JMP 688A8082 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamW 765F10B0 5 Bytes JMP 687E18B3 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamW 765F2EF5 5 Bytes JMP 689D91B6 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamA 76608152 5 Bytes JMP 689D9151 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamA 7660847D 5 Bytes JMP 689D921B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectA 7661D4D9 5 Bytes JMP 689D90D8 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectW 7661D5D3 5 Bytes JMP 689D905F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExA 7661D639 5 Bytes JMP 689D8FFB C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExW 7661D65D 5 Bytes JMP 689D8F97 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!OleLoadFromStream 77921E80 5 Bytes JMP 689D99A8 C:\Windows\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
AttachedDevice \Driver\tdx \Device\Tcp {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
AttachedDevice \Driver\tdx \Device\Udp {9edd0ea8-2819-47c2-8320-b007d5996f8a}t.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
Baum-Darstellung